InnerAwareness: Preemptive Cyber Defense and Situational Understanding Through Memory-Oriented Cyber Genomics and Physiology

Award Information
Agency: Department of Homeland Security
Branch: N/A
Contract: HSHQDC-17-C-00044
Agency Tracking Number: HSHQDC-16-R-00012-H-SB016.1-003-0021-II
Amount: $749,998.63
Phase: Phase II
Program: SBIR
Solicitation Topic Code: H-SB016.1-003
Solicitation Number: HSHQDC-16-R-00012
Timeline
Solicitation Year: 2016
Award Year: 2017
Award Start Date (Proposal Award Date): 2017-05-15
Award End Date (Contract End Date): 2019-05-14
Small Business Information
130 Hamilton Hedge Pl
Cary, NC 27519-9144
United States
DUNS: 080078085
HUBZone Owned: No
Woman Owned: No
Socially and Economically Disadvantaged: No
Principal Investigator
 Kevin Snow
 CoFounder/ CEO/Lead Scientist
 (919) 659-5973
 kevin@zeropointdynamics.com
Business Contact
 Kevin Snow
Title: Co-Founder/CEO
Phone: (919) 659-5973
Email: kevin@zeropointdynamics.com
Research Institution
N/A
Abstract

Motivated by a real operational need to tackle threats posed by the onslaught of constantly evolving exploits and malware, this proposal describes techniques for dynamically analyzing malware that address weaknesses in the status quo by (i) focusing on memory-oriented artifacts without the use of traditional sandbox hooks, while at the same time (ii) providing operators with enhanced situational understanding and preemptive malware and exploit defenses. Specifically, we will explore the design and implementation of novel memory-oriented techniques for conducting automated analysis of malware binaries (i.e., so-called cyber-physiology techniques) to not only assist analysts in understanding their function and intent, but also produce a novel set of outputs (i.e., artifacts, behaviors, code constructs) that, combined, concisely represent human-understandable malware and exploit fingerprints. Second, we will design and implement so-called cyber-genomics techniques for both individually using and collating a multitude of these malware fingerprints over time to not only aid in determining their identity, lineage, and provenance, but also identify trends in fingerprint components to pinpoint key distinguishing characteristics of malware that are likely to be utilized in future waves of attack.

* Information listed above is at the time of submission. *