Malware modeling and experimentation through parameterized behavior

Z. Berkay Celik, Patrick McDaniel, Thomas Bowen

Research output: Contribution to journalArticlepeer-review

3 Scopus citations


Experimentation is critical to understanding the malware operation and to evaluating potential defenses. However, constructing the controlled environments needed for this experimentation is both time-consuming and error-prone. In this study, we highlight several common mistakes made by researchers and conclude that existing evaluations of malware detection techniques often lack in both flexibility and transparency. For instance, we show that small variations in the malware’s behavioral parameters can have a significant impact on the evaluation results. These variations, if unexplored, may lead to overly optimistic conclusions and detection systems that are ineffective in practice. To overcome these issues, we propose a framework to model malware behavior and guide systematic parameter selection. We evaluate our framework using a synthetic botnet executed within the CyberVAN testbed. Our study is intended to foster critical evaluation of proposed detection techniques and stymie unintentionally erroneous experimentation.

Original languageEnglish (US)
Pages (from-to)31-48
Number of pages18
JournalJournal of Defense Modeling and Simulation
Issue number1
StatePublished - Jan 1 2018

All Science Journal Classification (ASJC) codes

  • Modeling and Simulation
  • Engineering (miscellaneous)


Dive into the research topics of 'Malware modeling and experimentation through parameterized behavior'. Together they form a unique fingerprint.

Cite this