Comodemia

Unparalleled research tools from industry-leading cybersecurity provider

Since 1998, Comodo has been known as a global leader in innovation and trust within the cybersecurity industry. In 2015, Comodo became the market leader in SSL certificates worldwide, surpassing Verisign, and a dominant player in consumer antivirus protection, developing innovative technologies like Comodo Containment.

Comodo, as a matter of company policy, supports scientific research and collaboration with academia. Comodemia is a new platform for students, researchers, and academicians, working to advance this commitment to collaboration further than ever before. In fostering collaboration between industry leading professionals and professional researchers, Comodemia catalyzes the development of new ideas and methodologies in cybersecurity. Comodemia is driven by an experienced team of business and cybersecurity leaders with offices in California, Turkey, Romania, India, Ukraine, China, and a headquarters in Clifton, New Jersey.

Today, Comodo has more than 85 million desktop security software installations, more than 700,000 business customers, and 8,000 global partners and affiliates. It is the market leader in SSL Certificates, with more than 41% of SSL certificates issued by Comodo as of June 15, 2017, according to w3techs.com.

Comodo-Academia Collaboration

Thousands of companies and organizations rely on Comodo's technology to authenticate, validate, and secure their most precious asset—information—and to combat constant malware threats and cyberattacks.

Comodo develops innovative solutions that secure enterprises from both known and unknown threats—across the endpoint, boundary, and internal network. With its vast cyberdefense resources, Comodo seeks academic collaborations from universities all over the world.

Comodo has the expertise and experience to raise cybersecurity research to the next level. Collaboration with researchers is the starting point to inventing ever-more precise threat detection and prevention technologies. As a researcher working with Comodo, you’ll get full support from industry experts, and unparalleled access to valuable cybersecurity data.

Join Comodemia to start using the platform and data sets, free!

Research Topics

Comodo invites you to research the following topics. If you are interested in these subjects, or have another proposal, please contact us.

Dynamic Analysis, API Call Graph based techniques (Call Graph Clustering, Call Graph Similarities, etc.)

  • Extracting call graphs from executable files using API Call sequences generated from Dynamic Analysis Sandboxing or using Static Analysis Disassembling techniques
  • Implementation of different graph similarity techniques such as graph isomorphism, maximum common sub-graphs, minimum graph edit distance, etc.
  • Clustering known malware samples using approximation algorithms like k-means clustering, DBSCAN clustering, etc.
  • Classifying unknown samples using these clusters and the implemented similarity comparison techniques

Dynamic Analysis, API Call Sequence based techniques

  • Extracting call graphs from executable files using API Call sequences generated from Dynamic Analysis Sandboxing
  • Categorizing API calls into high-level operation groups
  • Implementation of API call sequence alignment techniques (DNA sequence alignment, multiple sequence alignment, etc.)
  • Implementation of techniques to recognize common patterns in generated sequences (Longest Common Subsequence, Edit Distance, etc.)
  • Revealing common call sequence patterns of different malware families
  • Removing Sequence patterns seen on benign samples to minimize false positive rate.
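As an added illustration of the API call sequence pipeline listed above (example code written for this page, not Comodo's or ASLab's own tooling): constructed sandbox traces are abstracted into high-level operation groups, compared by Longest Common Subsequence, and stripped of bigrams that also occur in a benign trace. The API names, the category mapping and the traces are all assumed sample values.

```python
from itertools import groupby

# Constructed sandbox API-call traces for illustration (not real Comodo/ASLab data).
MALWARE_A = ["VirtualAlloc", "WriteProcessMemory", "CreateRemoteThread",
             "InternetOpenW", "InternetConnectW", "HttpSendRequestW",
             "RegOpenKeyExW", "RegSetValueExW"]
MALWARE_B = ["VirtualAlloc", "VirtualAlloc", "WriteProcessMemory", "CreateRemoteThread",
             "RegOpenKeyExW", "RegSetValueExW", "InternetOpenW", "HttpSendRequestW"]
BENIGN = ["CreateFileW", "ReadFile", "CloseHandle", "RegOpenKeyExW", "RegSetValueExW"]

# Assumed mapping from raw API names to high-level operation groups.
CATEGORY = {"CreateFileW": "file", "ReadFile": "file", "CloseHandle": "file",
            "RegOpenKeyExW": "registry", "RegSetValueExW": "registry",
            "InternetOpenW": "network", "InternetConnectW": "network",
            "HttpSendRequestW": "network", "VirtualAlloc": "memory",
            "WriteProcessMemory": "memory", "CreateRemoteThread": "process"}

def abstract(trace):
    """Map API names to operation groups and collapse adjacent repeats."""
    return [g for g, _ in groupby(CATEGORY.get(api, "other") for api in trace)]

def lcs(a, b):
    """Length of the longest common subsequence (row-by-row dynamic programming)."""
    prev = [0] * (len(b) + 1)
    for x in a:
        cur = [0]
        for j, y in enumerate(b, 1):
            cur.append(prev[j - 1] + 1 if x == y else max(prev[j], cur[j - 1]))
        prev = cur
    return prev[-1]

def similarity(a, b):
    """LCS length normalised by the longer sequence; 1.0 means identical."""
    return 1.0 if not a and not b else lcs(a, b) / max(len(a), len(b))

def strip_benign(seq, benign_seqs, n=2):
    """Drop every n-gram window also present in benign traces (false-positive control)."""
    benign = {tuple(s[i:i + n]) for s in benign_seqs for i in range(len(s) - n + 1)}
    covered = set()
    for i in range(len(seq) - n + 1):
        if tuple(seq[i:i + n]) in benign:
            covered.update(range(i, i + n))
    return [x for i, x in enumerate(seq) if i not in covered]
```

Comparing at the operation-group level raises the similarity of the two constructed samples from 0.625 to 0.75, while the benign strip removes the registry bigram the malware trace shares with the benign one.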

Static Analysis, Opcode Sequence based techniques

  • Op-code extraction from clean and malware samples
  • Using Op-code Sequence information: implementation and training of statistical classification techniques (using n-grams, Levenshtein / Euclidean distance, or other sequence similarity search techniques)
  • Using Op-code Occurrence information: implementation of occurrence generation and comparison techniques

New methods to combine Dynamic and Static Analysis results

  • Combination of individual analysis results
  • Performing hybrid analysis (using combined features gathered from both Static and Dynamic analysis)

Malicious Documents detection techniques (malicious JavaScript blocks in PDF samples, etc.)

  • Implementation of feature extraction techniques specific to each document type (PDF, MS document, etc.)
  • Signature extraction using known malicious samples and signature based detection
  • Heuristically classifying benign and malware samples

Active-learning Generic Signatures for specific malware families

  • Implementation of signature extraction techniques (Static / Dynamic)
  • On-the-fly learning from newly labeled / precisely detected malware samples (learning could mean improving existing classifiers, enhancing existing signatures, etc.)

Researching file reputation by statistics

Different statistical behaviours can be researched as criteria for file classification (malware, safe, system update, etc.). In this study, different types of statistics can be used: geo-distribution, frequency/time graphs, spread through subnets over time, etc.

Fully automated signature generation based on machine learning models

  • Dynamic Analysis, API Call Graph based techniques (Call Graph Clustering, Call Graph Similarities, etc.)
  • Dynamic Analysis, API Call Sequence based techniques
  • Static Analysis, Opcode Sequence based techniques
  • New methods to combine Dynamic and Static Analysis results
  • Active-learning Generic Signatures for specific malware families

Unpacking Techniques

  • Dynamic Analysis, API Call Graph based techniques (Call Graph Clustering, Call Graph Similarities, etc.)
  • Dynamic Analysis, API Call Sequence based techniques
  • Static Analysis, Opcode Sequence based techniques
  • Malicious Documents detection techniques (malicious JavaScript blocks in PDF samples, etc.)
  • Active-learning Generic Signatures for specific malware families

Creating an efficient and online clustering method based on fuzzy hash distance

There are fuzzy hash algorithms such as nilsimsa and spamsum for detecting similarity between two pieces of text. In order to detect similar bulk mails properly, we need to be able to group (cluster) them in an efficient way. Since ASLab has a continuous data flow, this module needs to perform a stream clustering algorithm.

Anomaly detection in bulk mails

Spam/Phishing mails are usually sent in large numbers. However, there are also legitimate mails, such as newsletters, which are also sent in bulk. Creating patterns for legitimate bulk mails (by observing them over a period of time) and detecting out-of-the-ordinary bulk mails will help create alerts for suspicious behaviour.