Day 1 - October 28, 2014


 7:00 - 9:00 AM

Registration & Breakfast

 9:00 - 9:15 AM

Welcome Remarks - Dr. Fernando Colon Osorio, General Program Chair

 9:15 - 10:15 AM

Keynote:" Eliciting maliciousness: from exploit toolkits to evasive Malware"

Dr. . Giovanni Vigna, Chief Technology Officer of Lastline, Inc., and Department of Computer Science at the University of California in Santa Barbara

10:15 - 10:30 AM


10:30 - 12:30 PM:


Session # 1:  Emerging threats and Malware classification


Session Chair: Dr. Colon Osorio





Manuscript # 1570018869: Identifying Malware Genera using the Jensen-Shannon Distance Between System Call Traces by Jeremy Seidman, The Graduate School and University Center, CUNY, Bilai Kahn, John Jay College of Criminal Justice, City University of New York and Antonio Cesar Vargas, NacoLabs Consulting, LLC, USA

Manuscript # 1570020013:  Host-Based Code Injection Attacks: A Popular Technique Used By Malware by Thomas Barabosch and  Elmar Gerhards-Padilla, Fraunhofer, FKEI, Germany


Manuscript # 1570015457 -  Automatic Construction of Printable Return-Oriented Programming Payload, by Wenbiao Ding, University of Nanjing, People Republic of China

12:30 - 01:30 PM


01:30 - 03:00


Panel # 1 TBD


Moderator: Neil Rubenking,

PC Magazine

Topic: "The Malware Threat in the Era of Unlimited Computing Power"


Panelist: Anthony Arrott, Veszprog Labs, Dennis Batchelder, Microsoft Malware Protection Center (MMPC), Alexander Volynkin, Carnegie-Mellon University, Software Engineering Institute, Giovanni Vigna,  Lastline, Inc.


03:00 - 03:15


Day 1 - October 28, 2014 - Continued

03:15 - 06:00 PM


Session # 2: The Measurement Problem


Session Chair: Dr. Anthony Arrott














Manuscript # 1570020453 – “Analysis of exploit protection in endpoint security products” by Jeffrey Wu, PCSL Labs, China, Anthony Arrott, Veszprog Laboratories, USA and Fernando C. Colon Osorio, Wireless Systems Security Research Laboratory, USA 


Manuscript # 1570020425 - Global and local prevalence weighting of missed attack sample impacts for endpoint security product comparative protection testing by Andreas Clementi and Peter Stelzhammer, AV-Comparatives, Austria

Manuscript # 3:  1570015237 - “Breach detection system testing methodology”, Soltan Balsz, Sveta Miladinov and Chris Pickard, MRG-Effitas, Hungary and United Kingdom


Manuscript # 1570012043 -“Combining commercial consensus and community crowd-sourced categorization of web sites for integrity against phishing and other web fraud” by Ferenc Leithold, Veszprog Labs, Hungary, Fernando C. Colon Osorio, Wireless Systems Security research Laboratory, USA and Anthony Arrott, Veszprog Labs, USA



 06:00 -07:30 PM

Free Time

07:30 - 08:00 PM

Cocktail Reception

08:00 - 10:30 PM

"Best Paper" Award Gala Dinner



Day 2 - October 29, 2014


 7:00 - 9:00 AM

Registration & Breakfast

 9:00 - 09:45  AM

Keynote:" “Changing the way we fight Malware"

Mr. .Dennis Batchelder, Microsoft Malware Protection Center (MMPC)

09:45 - 10:00 AM


10:00 - 12:30 AM

Session # 3: Mobile Malware


Session Chair: Dennis Batchelder, Microsoft






Manuscript # 1570020445) – “MysteryChecker: Unpredictable Attestation to Detect Repackaged Malicious Applications in Android” by Changyong Lee, Dongwon Seo. Jihwan Jeong,  Jonhoon Kwon and Heejo Lee, Korea University, Korea

Manuscript # 1570022045 – “AirHopper: Bridging the Air-Gap between Isolated Networks and Mobile Phones using Radio Frequencies” by Moirdehai Guri, Gabi Kedma and Yuval Elovici, Ben Gurion University, Israel

Manuscript # 1570021421“CrowdSource: Automated Inference of High Level Malware Functionality from Low-Level Symbols Using a Crowd Trained Machine Learning Model” by  Joshua Saxe Invincea Labs, USA



12:30  - 01:30 PM


01:30 - 02:45 PM:


Session # 4:  Botnets & Other Musings


Session Chair: Neil Rubenking




Manuscript # 1570003807: “BoTGen: A New Approach for In-Lab Generation of Botnet Datasets” by Muhammad ElSheik,  Mohammed S. Galderab, Mosehn Rashwan, National Institute of Standards  - NIS Egypt, Egypt and  Mahmoud Ghoneim, George Washington University, USA

Manuscript # 1570020439 – “PsyBoG: Power Spectral Density Analysis for Detecting Botnet Groups” by Jonghoon Kwon, Jeongsik Kim, Jehyun Lee, Heejo Lee, Korea University, Korea and Adrian Perrig, ETH Zurich & Carnegie Mellon University, USA

Manuscript # 1570018935 –“Malware Biodiversity” by Jeremy Seidman, The Graduate School and University Center, CUNY, Bilai Kahn, John Jay College of Criminal Justice, City University of New York and Antonio Cesar Vargas, NacoLabs Consulting, LLC, USA

Manuscript # 1570003599“Bacterial Quorum Sensing for Coordination of Targeted Malware” by  Mark Fioravanti, III, and Richard Ford, Florida Institute of Technology, USA


02:45 - 03:00 PM




03:00 – 05:00PM


Session # 5: HoneyAgents, Intelligent Defenses, and other Anti-Malware techniques


Session Chair: Dr. Anthony Arrott



Manuscript # 1569995027 - “HoneyAgent: Detecting Malicious Java Applets by Using Dynamic Analysis” by Jan Gassen and Jonathan Chapman, Frankhofer, FKEI, Germany



Manuscript # 1570003349“Codescanner: Detecting (Hidden) x86/x64 Code in Arbitrary Files” by Viviane Zwanger, University of Bonn & Fraunhofer FKIE,  Germany, Michael Meier, University of Bohn, Germany and Elmar Gerhards-Padilla,  Fraunhofer FKEI, Germany



Manuscript # 1570020357“Risk prediction of malware victimization based on user behavior” by Fanny Lalonde Lévesque, José M. Fernandez, École Polytechnique de Montréal and Anil Somayaji, Carleton University, Canada

Manuscript # 1570003543 –“Agent Based Trace Learning in a Recommendation-Verification System for Cyber Security” by William Casey, Evan Wright and Jose A. Morales, Michael Appel, Jeff Gennarl Carnegie-Mellon University, USA and Bud Mishra, New York University, USA


05:00 - 05:15

Concluding Remarks - Dr. Fernando Colon Osorio, General Program Chair





Day 3 - October 30, 2014 , Option # 1


 07:00 - 08:00 AM

Registration & Breakfast

0 8:00 - 08:15  AM

Welcome Remarks - Dr. Fernando Colon Osorio, General Program Chair

08:15 - 09:15 AM

Keynote: " New Benchmarks for Endpoint / Network Security Integration”


09:15 - 09:30




09:30 - 12:20 PM:
















Workshop: : New Benchmarks for Endpoint / Network Security Integration

“We’ve treated endpoint security as a PC provisioning and IT operations task for too long. By doing so, we aren’t using our endpoint security tools correctly. A few years ago, the endpoint security market was a cozy little oligopoly that was dominated by five vendors: Kaspersky, McAfee, Sophos, Symantec, and Trend Micro. Fast forward to 2014 and things have changed. Network security vendors like Cisco (Sourcefire), FireEye, and Palo Alto Networks are jumping into the endpoint security pool. An army of others like Bit9, Bromium, Cylance, Digital Guardian (Verdasys), Guidance Software, IBM, Invincea, Malwarebytes, Raytheon, RSA and Triumfant are all offering some type of endpoint security technology.” – Jon Oltsik, Network World

Workshop Problem Statement:

Independent security testing labs need to adapt to the increasing integration of endpoint protection and network security. Better metrics and benchmark testing methodologies are needed to account for radical changes in enterprise security architecture and the ways in which endpoints are protected.

Format: Structure Workshop led by Ken Baylor (Pivotal Software and Fernando Colon Osorio (Wireless Systems Security Research Laboratory)

12:20 - 12:30

Concluding Remarks - Dr. Fernando Colon Osorio, General Program Chair

12:30  - 01:30 PM



Day 3 - October 30, 2014 , Option # 2


 07:00 - 08:00 AM

Registration & Breakfast

0 8:00 - 08:15  AM

Depart for Tour  of " The Forts of Old San Juan: Guardians of the Caribbean"

08:15 - 12:30 PM

Tour:  San Felipe del Morro: The fort can be found on the northwestern-most point of the islet of San Juan, Puerto Rico. Originally named in honor of King Philip II of Spain, the fortification, also referred to as el Morro, was designed to guard the entrance to the San Juan Bay, and defend the city of Old San Juan from seaborne enemies. Across from El Morro and facing the structure on the opposite side of the San Juan bay, a smaller fortification known as El Cañuelo. El Cañuelo served as a dual complement to El Morro to protect the city and the ships waiting for passage to Spain loaded with the riches of the new world.

SanCristóbal: The Castillo de San Cristóbal is the largest fortification built by the Spanish in the New World. The fortification was finished in 1783. Upon completion, the structures and associated fortification covered about 27 acres of land and basically wrapped around the city of San Juan. It was built by Spain to protect against land based attacks on the city of San Juan.

San Cristóbal was built on a hill originally known as the Cerro de la Horca or the Cerro del Quemadero. In subsequent years the named was changed to Cerro de San Cristóbal in celebration of the Spanish victories ejecting English and Dutch interlopers from the island.

12:30  - 01:30 PM


01:30 - 03:30 PM

Tour of Bacardi Factory

03:30 - 04:30

Travel Back to Hotel

General Program Chair:

Dr. Fernando C. Colon Osorio, WSSRL & Brandeis University, USA

Technical Program Committee:

Anthony Arrott, Veszprog Labs, USA

Arun Lakhotia, Univeristy of Louisiana, USA

The 9th IEEE Technically Sponsored International Conference on Malicious and Unwanted Software  (MALCON 2014) will be held at the Waldorf Astoria El Conquistador Resort, Fajardo, Puerto Rico, USA, October 28-30th, 2014 (October 30th, 2014 - optional). This year’s conference has adopted as its main theme "The Malware Threat in the Era of Unlimited Computing Power" in recognition of a major paradigm shift that has transformed the computer industry as a whole, and created major challenges to the IT security community in particular.

Over the last 12 years, Cloud Computing has become a dominant computing model. Applications and data reside in the “Cloud”, and are accessed via Smartphones and other mobile devices owned and operated by customers, employees, and suppliers no longer part of the traditional enterprise physical network, e.g., “Bring Your Own Device” (BYOD).  Within this context, three major research trends have emerged.  

First, at the periphery, the end-point device is a mobile BYOD with security and mobility properties never anticipated. If the end-point device is owned and operated by the employee of a large corporation, and the boundaries between "personal" and "corporate" data, as well as between applications disappears, then what is the protection model that can be used? Is the device to be "trusted", ”untrusted”, or simply operate in different modes of protection, one when interacting in a corporate environment, and one when being used strictly as a personal device?

Second, the existence of either a physical or a logical "Trusted Domain" that resides and operates within the confines of a single corporate entity has disappeared. We invite manuscripts exploring new models of protection that do not depend on ownership or management of a Corporate Trusted Domain, and incorporate elements where part of the data, applications, and infrastructure are managed by third parties such as, Amazon Web Services (AWS), or even the local Starbucks WiFi.

Third, reaching consensus on a protection model for the new cloud computing paradigm is an important challenge – especially developing new standards for measuring protection. Do we protect the traffic? the data? the applications?  How do we measure protection?  In this last area, we clearly understand that measuring how many resident infected files are detected by an anti-malware product is a very limiting and not very useful measure. We encourage authors to propose innovative solutions to this problem, and the set of associate metrics to be used.

Finally, while deservedly significant attention has been, and should continue to be devoted to the research areas described above, another critical problem deserves our attention at this juncture, namely the impact of “Big Data” and, now, “Fast Data” on IT security.  The virtually unlimited power and speed of computing resources now available enables a cornucopia of new strategies and tactics for both attackers and defenders.  For example, algorithms for running higher order correlations over vast arrays of distributed meta-data in near real-time that were previously only theoretical have now become practical.  Contributions that explore the implications and uses of this escalation for both attackers and defenders are welcomed.


Submissions are solicited in, but not limited to, the following areas:


Theoretical aspects and new directions in Malware related research, specifically, manuscripts that explore the concepts of “Trust Domains” that do not have or desire physical boundaries

Smartphone Malware, protecting a new class of end-points with hyper-mobility

Analysis and measurements of real Malware incidents

Worms, viruses and other propagating Malware

Spyware, keystroke loggers, information theft Malware

Honeypots and other sample collection methodologies

Botnet attacks, detection/tracking and defense

Malware economics and black market studies

Code reverse engineering tools and practices

Malware performance, analysis and capture tools

Anti-spam and anti-phishing techniques and practices

Legal aspects of unwanted software use

Malware and its impact in social networking and cloud computing

Rootkit and virtualization techniques

Malware in wireless mobile devices




The proceedings of the conference will be published in printed, and DVD, form and will be included in the IEEE Xplore digital library.  In addition, the Conference’s Technical Program Committee will select one manuscript as a recipient of the “Best Paper Award”.  The Best Paper Award author, together with the authors of a few selected manuscripts from the conference, will be invited to submit an extended version to a special issue of the Journal of Computer Security.


Paper Submission Information


Papers should be submitted through EDAS system at:

Submitted manuscripts must be 10-point font size, and should not exceed 8 single-spaced pages in length, including the abstract, figures, and references. Authors whose manuscript exceeds the 8 page limit may be allowed to include two additional pages for an extra charge.  However, under no circumstances shall a submitted manuscript exceed the 10 page limit. Submitted papers must not substantially overlap with papers that have been published or that are simultaneously submitted to a journal or a conference with proceedings


Additional Information

For more information on Malware 2014  or if you are interested in contributing to the organization of the conference please contact Dr. Fernando C. Colon Osorio, General Program Chair, Malware 2014 at This email address is being protected from spambots. You need JavaScript enabled to view it. or visit our web site  For information concerning submission of an original manuscript to the conference, please contact the Technical Program Committee Chairs (TPC), Dr. Anthony Arrott, Trends Micro, USA - This email address is being protected from spambots. You need JavaScript enabled to view it.">mailto:, and Prof. Arun Lakhoita,  Director of CajunBot Lab,  University of Louisiana at Lafayette - mailto: This email address is being protected from spambots. You need JavaScript enabled to view it. 


Submission of papers


Research Track

* Aug  12th, 2014, 23:59:59 EST, Deadline Extended

Industry Track

Aug 12th, 2014, 23:59:59 EST

Short Paper Track

Aug 12th,, 2014, 23:59:59 EST

Notification of Acceptance

September 12th, 2014, 23:59:59 EST

Camera ready paper:

September 19th, 2014: 23:59:59 EST

Conference dates

October 28-30, 2014

Last Updated ( Friday, 16 May 2014 )


General Program Chair:

Dr. Fernando C. Colon Osorio, WSSRL & Brandeis University, USA


Technical Program Committee:

Technical Program Committee Co-Chairs:

Dr. Anthony Arrott, Veszprog Labs, USA

Prof. Arun Lakhotia, University of Luiusiana, USA

Technical Program Committee Members:

Dr. Davidson Boccardo, Inmetro, Brazil
Dr. Guillaume Bonfante, LORIA, France
Mr. Pierre-Marc Bureau, ESET, CANADA
Dr. Andreas Clementi, AV Comparatives, Germany
Dr. Seyit A. Camtepe, Technische Universität Berlin
Prof. José M. Fernandez, Ecole Polytechnique de Montréal, Canada
Dr. Richard Ford, Harris Institute for Information Assurance, Florida Institute of Technology, USA
Dr. Olivier Festor, INRIA Nancy Grand-Est, France
Mr. Brian Hay, Security Works, USA
Prof. Xuxian Jiang, North Carolina State University, USA
Dr. Aubrey-Derrick Schmidt, T-Systems International GmbH, Germany
Prof. Jean-Yves Marion, École des mines de Nancy, France, 
Mr. Rachit Mathur, McAfee, USA
Dr. Jose Andres Morales, CERT - Carnegie Mellon University, USA
Dr. Kara Nance, Security Works, USA
Dr. Jose Nazario, Invincea, Inc, USA
Prof. Mark Stamp - San Jose State University, USA
Prof. Natalia Stakhanova, University of New Brunswick, Canada
Dr. Andrew Walenstein, Blackberry, USA
Mr. Jeff Williams, Dell SecureWorks, USA
Prof. Cliff C. Zou (Changchun Zou), University Central Florida, USA

Malware 2014Panels, Keynotes & Tutorias:

Mr. Neil Rubenking, President & CEO, AppNeta, Inc., USA
Vic Phatak - NSS Labs, USA

Local Conference Co-Chairs:

  Prof. Jose Ortiz, Computer Science, Universidad de Puerto Rico,  USA
  Prof. Amir H. Chinaei,  ECE Department, University of Puerto Rico at Mayagüez, USA



Latest Vulnerabiities Latest Alerts
More Vulnerability Notes »