
Dynamically Evolving Malware Detection in Streams

Award Information

Agency:
Department of Defense
Branch:
Air Force
Award ID:
Program Year/Program:
2012 / STTR
Agency Tracking Number:
F11B-T21-0236
Solicitation Year:
2011
Solicitation Topic Code:
AF11-BT21
Solicitation Number:
2011.B
Small Business Information
Sentar, Inc.
315 Wynn Drive Suite 1 Huntsville, AL 35805-1960
Woman-Owned: Yes
Minority-Owned: No
HUBZone-Owned: No
 
Phase 1
Fiscal Year: 2012
Title: Dynamically Evolving Malware Detection in Streams
Agency / Branch: DOD / USAF
Contract: FA8750-12-C-0143
Award Amount: $99,926.00
 

Abstract:

ABSTRACT: The emergence of polymorphic malware poses an increasingly difficult threat to network security. Sentar proposes the development of a Polymorphic Malware Detection Unit that will perform automated detection of dynamically evolving malware as well as zero-day attacks. The Unit will be designed to integrate with existing systems as well as into future systems. Sentar will use predictive Data Modeling techniques for automated detection of polymorphic malware. These techniques, developed by Sentar team members, are based on regression methods used to enable models of nominal conditions to be obtained quickly and simply. Each executable in the runtime stream is treated as a single point defined in seven-dimensional space. This information can be rapidly used to create classifiers useful in polymorphic malware detection, and successive exemplars are fed back into the model, creating increasingly fine granularity classifiers, for continuous detection capability. Mature classifiers consist of tree-shaped organizations of data models that have been converted to look-up tables, with each table comprising a node within the tree. New nodes are added dynamically, with no requirement for retraining. The result is an adaptive machine learning solution for detection of polymorphic malware.

BENEFIT: Sentar's Cyber Polymorphic Malware Detection Unit is a game changer for cyber security. Because the technology is designed for application to both existing systems and new development programs, there will be numerous opportunities for deployment. Weapon systems, SCADA systems, energy systems, manufacturing systems are all candidates for the technology. As a tool for polymorphic malware detection, it can be used to monitor data streams of executables, it can be configured as a new crawler to verify the health of local area networks, it can be used as a boundary protection tool to enhance or replace current intrusion detection technology, and it can be used to screen incoming email for indications of cyber attack. Sentar views the Polymorphic Malware Detection Unit technology as a marketing wedge, and as creator of the technology, Sentar plans to gain first-mover competitive advantage. The technology will be applicable to a wide range of weapon systems and other mission critical systems.
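The abstract sketches the mechanism only in outline: one seven-dimensional point per executable, a quickly fitted model of nominal (benign) conditions, and a tree of look-up tables that gains nodes as confirmed exemplars are fed back, with no retraining. The following is an added illustrative reconstruction of that pipeline, not Sentar's or Auburn's code. Everything specific in it is an assumption: the seven features (byte entropy, printable fraction, distinct-byte fraction, zlib compressibility, zero-byte fraction, longest zero run, log size), the per-dimension standardized-distance model that stands in for the regression-based nominal model the abstract mentions, the quantization into 4 bins per axis, the thresholds, and the constructed stand-in "executables" (word-soup text for benign, near-uniform random bytes for a packed or encrypted body).

```python
"""Illustrative streaming polymorphic-malware detector (added example, not Sentar's
implementation): a nominal model over a 7-dimensional point per executable plus a
tree of look-up tables that grows one node at a time with no retraining.
Feature set, thresholds and sample blobs are assumptions made for this example."""
import math, re, zlib, random
from collections import Counter


def features(blob):
    """Map one executable (raw bytes) to a point in [0,1]^7 (assumed feature set)."""
    n = len(blob)
    counts = Counter(blob)
    entropy = -sum(c / n * math.log2(c / n) for c in counts.values())
    printable = sum(c for b, c in counts.items() if 32 <= b < 127) / n
    distinct = len(counts) / 256
    packed = min(1.0, len(zlib.compress(blob)) / n)     # ~1.0 for encrypted/packed bodies
    zero_frac = counts.get(0, 0) / n
    zero_run = max((len(r) for r in re.findall(rb"\x00+", blob)), default=0) / n
    size = math.log2(n) / 32
    return (entropy / 8, printable, distinct, packed, zero_frac, zero_run, size)


class NominalModel:
    """Per-dimension standardized distance from the benign cluster (assumed stand-in
    for the regression-based nominal model described in the abstract)."""
    def __init__(self, points, std_floor=0.02):
        k = len(points)
        self.mean = [sum(p[i] for p in points) / k for i in range(7)]
        self.std = [max(std_floor, math.sqrt(sum((p[i] - self.mean[i]) ** 2 for p in points) / k))
                    for i in range(7)]

    def score(self, p):
        return max(abs(p[i] - self.mean[i]) / self.std[i] for i in range(7))


class LookupTree:
    """Table d is keyed by the first d quantized coordinates, so deeper tables are
    finer-grained. Inserting an exemplar only adds missing entries: no retraining."""
    def __init__(self, depth=7, min_depth=5):
        self.tables = [dict() for _ in range(depth + 1)]   # index 0 unused
        self.min_depth = min_depth

    def insert(self, q, verdict):
        for d in range(1, len(q) + 1):
            entry = self.tables[d].setdefault(q[:d], {"benign": 0, "malicious": 0})
            entry[verdict] += 1

    def lookup(self, q):
        """Deepest known prefix no coarser than min_depth; None if unknown or conflicting."""
        for d in range(len(q), self.min_depth - 1, -1):
            entry = self.tables[d].get(q[:d])
            if entry is None:
                continue
            if entry["benign"] and entry["malicious"]:
                return None, d                       # mixed evidence: defer to the model
            return ("malicious" if entry["malicious"] else "benign"), d
        return None, 0

    def size(self):
        return sum(len(t) for t in self.tables)


class StreamDetector:
    def __init__(self, nominal_blobs, bins=4, threshold=4.0):
        self.bins, self.threshold = bins, threshold
        points = [features(b) for b in nominal_blobs]
        self.model = NominalModel(points)
        self.tree = LookupTree()
        for p in points:
            self.tree.insert(self.quantize(p), "benign")

    def quantize(self, p):
        return tuple(min(self.bins - 1, int(x * self.bins)) for x in p)

    def classify(self, blob):
        """Returns (verdict, how): known region -> table; unknown region -> nominal model."""
        p = features(blob)
        verdict, depth = self.tree.lookup(self.quantize(p))
        if verdict is not None:
            return verdict, "table depth %d" % depth
        s = self.model.score(p)
        return ("malicious" if s > self.threshold else "benign"), "nominal score %.1f" % s

    def learn(self, blob, verdict):
        """Feed back an analyst-confirmed exemplar; only the look-up tables grow."""
        self.tree.insert(self.quantize(features(blob)), verdict)


# Constructed stand-ins for executables in the stream (not real samples).
WORDS = b"push mov call ret lea jmp cmp test xor add sub kernel32 dll GetProcAddress LoadLibrary text data rdata reloc".split()

def benign_blob(rng):
    n, out = rng.randint(2500, 3500), bytearray()
    while len(out) < n:
        out += rng.choice(WORDS) + b" "
    return bytes(out[:n])

def packed_blob(rng, n=4096):             # encrypted/packed body: near-uniform bytes
    return bytes(rng.getrandbits(8) for _ in range(n))


def demo():
    rng = random.Random(0)
    det = StreamDetector([benign_blob(rng) for _ in range(40)])
    before = det.tree.size()
    first = det.classify(packed_blob(rng))             # unknown region -> nominal model
    det.learn(packed_blob(rng), "malicious")           # confirmed exemplar adds 7 nodes
    second = det.classify(packed_blob(rng))            # same region -> table, depth 7
    variant = det.classify(packed_blob(rng, 65536))    # only size differs -> table, depth 6
    benign_score = det.model.score(features(benign_blob(rng)))
    packed_score = det.model.score(features(packed_blob(rng)))
    return before, det.tree.size(), first, second, variant, benign_score, packed_score


if __name__ == "__main__":
    print(demo())
```

Two caveats a practitioner would attach to this design. First, only analyst-confirmed verdicts should be fed back through `learn`; feeding the detector's own unconfirmed output back into the tables turns every early mistake into a permanent look-up entry. Second, the entropy and compressibility features here react to packing and encryption, not to maliciousness, so legitimately packed software lands in the same region as a packed payload and the feature set needs the surrounding detection system to resolve that.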

Principal Investigator:

Lyle Johnson
Senior Software Developer
(256) 430-0860
lyle.johnson@sentar.com

Business Contact:

Sharon Yalowitz
HR/Contracts Manager
(256) 430-0860
sharon.yalowitz@sentar.com
Small Business Information at Submission:

Sentar, Inc.
315 Wynn Drive Suite 1 Huntsville, AL 35805-

EIN/Tax ID: 630947741
DUNS: N/A
Number of Employees:
Woman-Owned: Yes
Minority-Owned: No
HUBZone-Owned: No
Research Institution Information:
Auburn University
Department of Computer Science
and Software Engineering
Auburn, AL 36832-6832
Contact: Eric Imsand
Contact Phone: (334) 787-9826