Dynamically Evolving Malware Detection in Streams
Agency / Branch:
DOD / USAF
ABSTRACT: Security breaches continue to plague the information technology community. The United States Air Force is highly susceptible to malicious software attacks and data leakage, and requires new approaches to protecting systems vulnerable to attacks. Today, virtualization is a technology that is ubiquitous in the datacenter; a recent E-Week survey found that more than 60% of all datacenter platforms will run virtualization software by the end of 2011. Virtualization offers datacenters significantly improved system management and hardware utilization, and provides protection against wide-scale malicious code attacks. Anti-virus software and firewall programs are typically deployed in each guest VM to detect malicious software. These security measures are effective in detecting known malware, but do little to protect against new variants of intrusions. In this STTR Phase I proposal we describe a new methodology that combines virtualization technology and sophisticated machine learning algorithms to protect next-generation Air Force computing infrastructure. To provide low-overhead real-time intrusion detection, we argue that protection needs to be added at the virtual machine monitor (VMM) level. Our combined industry/academic team has developed a functional VMM-level detection/recovery prototype that is ready to be deployed in Cipher Tech's commercial environment.
BENEFIT: The anticipated benefits of this innovative technology represent a powerful means of protecting sensitive information of the defense and commercial sector. The potential commercial applications range from the software security solutions industry, to the rapidly expanding market for the most secure virtualization techniques.
Small Business Information at Submission:
Research Institution Information:
Cipher Tech Solutions, Inc.
407 North Highland Avenue Upper Nyack, NY 10960-
Number of Employees:
360 Huntington Avenue
Boston, MA 02115-2115