CERT-SEI

Staff Profile

Jose Andre Morales

Researcher

Key Responsibilities

Academic Research in Cyber Security - September 2011 – Present, Carnegie Mellon University, Software Engineering Institute, CERT program. Current responsibilities include: conducting research in the areas of computer security focusing on academic publications; creating a department-wide broad research agenda by establishing thrusts combining fundamental research with ongoing projects; assisting fellow employees in viewing their ongoing work from a research perspective; and establishing synergistic collaborations with institutions external to the SEI.

Professional Background

Researcher
September 2011 – Present, Carnegie Mellon University, Software Engineering Institute, CERT program.  Responsible for conducting academic research in the areas of computer security with a focus on malicious & unwanted software.

Research Assistant Professor
September 2010 – September 2011, Institute for Cyber Security, University of Texas at San Antonio. Responsible for creating a symptoms behavior-based real-time malware detection approach. Symptoms abstractly define fundamental and essential execution behaviors observed in known malware samples. Led a two-person team in the development of the Aegis core, a real-time execution behavior analyzer used in symptoms-based malware detection. Led development of OMAS, the Online Malware Analysis System, which is built around the Aegis core, http://omas.ics.utsa.edu

Post Doctoral Research Fellow
January 2009 – August 2010, Institute for Cyber Security, University of Texas at San Antonio. Responsible for creating rules for real-time botnet detection. Required extensive literature review and analysis of several hundred bot samples. Led a five-person team in developing a real-time passive monitor which detects bot presence based on rules abstractly defining anomalous operating system and network behaviors previously observed in known bot samples. Results published in peer-reviewed conferences.

Publications (recent or significant)

Journals - Total: 3
 
“Identification of File Infecting Viruses through Detection of Self-Reference Replication”, Jose Andre Morales, Peter J. Clarke, B.M. Yi Deng. Journal in Computer Virology Special EICAR conference invited paper issue, Springer Paris, published online July 2008; published in print Volume 6/Number 2, May 2010, pg. 161-180. http://www.springerlink.com/content/f13m405335g40132/
 
“Characterization of Virus Replication”, Jose Andre Morales, Peter J. Clarke, B.M. Golam Kibria, Yi Deng. Journal in Computer Virology Special Issue on Theory of Computer Viruses Workshop, Springer Paris, Volume 4/Number 3, August 2008, pg 221-234.
 
“Testing and Evaluating Virus Detectors for Handheld Devices”, Jose Andre Morales, Peter J. Clarke, B.M. Golam Kibria, Yi Deng. Journal in Computer Virology Special Issue on Mobile Malware and Anti-malware Technologies, Springer Paris, Volume 2/Number 2, November 2006, pg. 135-147. http://www.springerlink.com/content/4p1413068273451h/
 
Refereed Conferences & Workshops - Total: 13
 
“Analyzing Malware Detection Efficiency with Multiple Anti-malware Programs”, Jose Andre Morales, Shouhuai Xu, and Ravi Sandhu, Proceedings of the 2012 ASE International Conference on Cyber Security, December 14-16 2012, Washington D.C.

“Building Malware Infection Trees”, Jose Andre Morales, Michael Main, Weiliang Lou, Shouhuai Xu, and Ravi Sandhu, Proceedings of the 6th IEEE International Conference on Malicious and Unwanted Software (Malware 2011), October 18-19 2011, Fajardo, Puerto Rico, acceptance rate 37%.
 
“Proximax: A Measurement Based System for Proxies Dissemination”, Damon McCoy, Jose Andre Morales, and Kirill Levchenko, Fifteenth International Conference on Financial Cryptography and Data Security (FC 2011), February 28 - March 4, 2011, St. Lucia, acceptance rate 35%.
 
“Evaluating Detection & Treatment Effectiveness of Commercial Anti-malware Programs”, Jose Andre Morales, Ravi Sandhu, and Shouhuai Xu, Proceedings of the 5th IEEE International Conference on Malicious and Unwanted Software (Malware 2010), October 19-20 2010, Nancy, France.
 
“Analyzing and Exploiting Network Behaviors of Malware”, Jose Andre Morales, Areej Al-Bataineh, Shouhuai Xu and Ravi Sandhu, Proceedings of the 6th International ICST Conference on Security and Privacy in Communication Networks (SecureComm 2010), September 7-9, Singapore, acceptance rate 25%.
 
“Symptoms-Based Detection of Bot Processes”, Jose Andre Morales, Erhan Kartaltepe, Shouhuai Xu and Ravi Sandhu, Proceedings of the Mathematical methods, models and architectures for computer network security 2010 Conference (MMM-ACNS 2010), September 7-10, St. Petersburg, Russia, acceptance rate 29%.
 
“Social Network-Based Botnet Command-and-Control: Emerging Threats and Countermeasures”, Erhan Kartaltepe, Jose Andre Morales, Shouhuai Xu and Ravi Sandhu, Proceedings of the 8th International Conference on Applied Cryptography and Network Security (ACNS 2010), June 22-25, Beijing, China, acceptance rate 18%.
 
“Analyzing DNS Activities of Bot Processes”, Jose Andre Morales, Areej Al-Bataineh, Shouhuai Xu and Ravi Sandhu, Proceedings of the 4th IEEE International Conference on Malicious and Unwanted Software (Malware 2009), October 13-14 2009, Montreal Quebec, Canada, acceptance rate 39%.
 
“Detecting Self-Reference Replication Behavior in Win32 Viruses”, Jose Andre Morales, Peter J. Clarke and Yi Deng, Proceedings of the 17th Annual European Institute for Computer Anti-Virus Research (EICAR) Conference, May 3-8 2008, Laval France.

“Characterizing and Detecting Virus Replication”, Jose Andre Morales, Peter J. Clarke and Yi Deng, Proceedings of the Third International Conference on Systems (ICONS), April 13-18 2008, Cancun Mexico, acceptance rate 27%.
 
“Threat of Renovated .NET Viruses to Handheld Devices”, Jose Andre Morales, Proceedings of the ACM Southeast Regional Conference (ACMSE), February 2008, Auburn, Alabama.
 
“Testing and Evaluation of Virus Detectors for Handheld Devices”, Jose Andre Morales, Peter J. Clarke and Yi Deng, Proceedings of the NIST Workshop on Software Security Assurance Tools, Techniques, and Metrics (SSATTM). November 7-8 2005 at Long Beach California.
 
“Characterizing Virus Replication”, Jose Andre Morales, Peter J. Clarke, Yi Deng. Presented at the 2nd International Workshop on the Theory of Computer Viruses in Nancy, France; May 10-11, 2007.
 
Book Chapters - Total: 3

“Timeline of Mobile Malicious Code, Hoaxes and Threats”, Mobile Malware Attacks and Defense, Jose Andre Morales and Ken Dunham, Syngress Publishing 2008, Chpt. 3
 
“Overview of Malicious Mobile Code Families”, Mobile Malware Attacks and Defense, Jose Andre Morales, Syngress Publishing 2008, Chpt. 4
 
“Taxonomy of Mobile Malicious Code”, Mobile Malware Attacks and Defense, Jose Andre Morales, Syngress Publishing 2008, Chpt. 5
