Malware Understanding using Dependence Graphs, Clustering, and Mining.

Award Information
Agency: Department of Defense
Branch: Army
Amount: $100,000.00
Award Year: 2011
Program: STTR
Phase: Phase I
Contract: W911NF-11-C-0241
Award Id: n/a
Agency Tracking Number: A11A-020-0014
Solicitation Year: 2011
Solicitation Topic Code: A11a-T020
Solicitation Number: 2011.A
Small Business Information
918 Deming Way, Floor 3, Madison, WI, 53717-1945
Hubzone Owned: N
Minority Owned: N
Woman Owned: N
Duns: 621641252
Principal Investigator:
Gregory Zelesnik
Director, NovaShield Labs
(608) 833-2610
gzelesnik@novashield.com
Business Contact:
Praveen Sinha
Chief Executive Officer
(608) 833-2610
psinha@novashield.com
Research Institute:
University of Wisconsin - Madison
Cheryl E Gest
21 N. Park Street
Room 6410
Madison, WI, 53715-
(608) 262-4880
Nonprofit college or university
Abstract
The number of distinct malware being released into the wild is growing at an alarming rate. Some IT security companies are seeing more than 5,000 new malware instances each day. IT security companies can no longer keep pace with this deluge using manual, labor-intensive malware analysis techniques for generating specifications that detect them. There is a need for proven and deployable automated malware analysis techniques that can analyze large volumes of malware quickly and accurately. Researchers performing work in the area of behavior-based malware analysis are exploring new techniques that will address this problem: automated dependence graph construction; graph mining tools that identify specific behaviors in a dependence graph; semi-automated specification generation; and malware classification using clustering techniques. In this Phase I STTR proposal, NovaShield, Inc. will focus on malware understanding and aspects of malware classification. More specifically, NovaShield will concentrate on dependence graph construction algorithms that build rich dependence graphs efficiently, as well as clustering techniques that organize malware into families based on their behavior profiles. This will lay the groundwork for creating techniques that perform behavior mining and automated generation of behavior specifications for detecting malware, which will be pursued in Phase II.

* information listed above is at the time of submission.
