Semi-Supervised Algorithms against Malware Evolution (SESAME)

Award Information

Agency:
Department of Defense
Branch:
Air Force
Award ID:
Program Year/Program:
2012 / STTR
Agency Tracking Number:
F11B-T21-0014
Solicitation Year:
2011
Solicitation Topic Code:
AF11-BT21
Solicitation Number:
2011.B
Small Business Information
Charles River Analytics Inc.
625 Mount Auburn Street Cambridge, MA 02138-4555
Woman-Owned: No
Minority-Owned: No
HUBZone-Owned: No
 
Phase 1
Fiscal Year: 2012
Title: Semi-Supervised Algorithms against Malware Evolution (SESAME)
Agency / Branch: DOD / USAF
Contract: FA8750-12-C-0144
Award Amount: $99,984.00
 

Abstract:

ABSTRACT: Recent years have seen an explosion in the number and sophistication of malware attacks. The sheer volume of novel malware has made purely manual signature development impractical and has led to research on applying machine learning and data mining to automatically infer malware signatures in the wild. Unfortunately, researchers have recently found ways to game the machine learning algorithms and learn to predict which samples the learning algorithms will classify as benign or malicious, thus opening the door for innovative deception on the part of malware developers. To counter this threat, we propose Semi-Supervised Algorithms against Malware Evolution (SESAME), which uses online learning to evolve as new malware is encountered, recognizing novel families and adapting its model of families as they themselves evolve. It uses semi-supervised learning to enable it to learn from both labeled and unlabeled malware. SESAME combines a rich feature set with deep learning algorithms to learn the essential characteristics of malware that enable us to relate novel malware to existing malware. We propose to evaluate the potential of the novel approach afforded by SESAME by using both standard malware datasets and malware specifically designed to fool automated detection systems.

BENEFIT: Because SESAME provides an evolving, real-time detection system capable of defeating evolving malware, it will have immediate and tangible benefit for military and Government programs as well as commercial security products. As the number of new malware encountered continues to grow exponentially, we must support and augment human analysts with automated techniques that enable near-real-time malware detection and remediation. Thus, techniques to detect novel and deliberately deceptive attacks will benefit a range of Governmental and commercial security products.

Principal Investigator:

Avi Pfeffer
Principal Scientist
(617) 491-3474
apfeffer@cra.com

Business Contact:

Mark S. Felix
Contracts Manager
(617) 491-3474
mfelix@cra.com
Small Business Information at Submission:

Charles River Analytics Inc.
625 Mount Auburn Street Cambridge, MA -

EIN/Tax ID: 042803764
DUNS: N/A
Number of Employees:
Woman-Owned: No
Minority-Owned: No
HUBZone-Owned: No
Research Institution Information:
University of Louisiana--Lafayette
104 University Circle
Lafayette, LA 70504-0504
Contact: Ruth Landry
Contact Phone: (337) 482-5811