Malware Understanding using Dependence Graphs, Clustering, and Mining.

Award Information
Agency: Department of Defense
Branch: Army
Contract: W911NF-11-C-0241
Agency Tracking Number: A11A-020-0014
Amount: $100,000.00
Phase: Phase I
Program: STTR
Awards Year: 2011
Solicitation Year: 2011
Solicitation Topic Code: A11a-T020
Solicitation Number: 2011.A
Small Business Information
918 Deming Way, Floor 3, Madison, WI, 53717-1945
DUNS: 621641252
HUBZone Owned: N
Woman Owned: N
Socially and Economically Disadvantaged: N
Principal Investigator
 Gregory Zelesnik
 Director, NovaShield Labs
 (608) 833-2610
Business Contact
 Praveen Sinha
Title: Chief Executive Officer
Phone: (608) 833-2610
Research Institution
 University of Wisconsin - Madison
 Cheryl E Gest
 21 N. Park Street
Room 6410
Madison, WI, 53715-
 (608) 262-4880
 Nonprofit college or university
The number of distinct malware being released into the wild is growing at an alarming rate. Some IT security companies are seeing more than 5,000 new malware instances each day. IT security companies can no longer keep pace with this deluge using manual, labor-intensive malware analysis techniques for generating specifications that detect them. There is a need for proven and deployable automated malware analysis techniques that can analyze large volumes of malware quickly and accurately. Researchers performing work in the area of behavior-based malware analysis are exploring new techniques that will address this problem: automated dependence graph construction; graph mining tools that identify specific behaviors in a dependence graph; semi-automated specification generation; and malware classification using clustering techniques. In this Phase I STTR proposal, NovaShield, Inc. will focus on malware understanding and aspects of malware classification. More specifically, NovaShield will concentrate on dependence graph construction algorithms that build rich dependence graphs efficiently, as well as clustering techniques that organize malware into families based on their behavior profiles. This will lay the groundwork for creating techniques that perform behavior mining and automated generation of behavior specifications for detecting malware, which will be pursued in Phase II.

* Information listed above is at the time of submission. *

Agency Micro-sites

SBA logo
Department of Agriculture logo
Department of Commerce logo
Department of Defense logo
Department of Education logo
Department of Energy logo
Department of Health and Human Services logo
Department of Homeland Security logo
Department of Transportation logo
Environmental Protection Agency logo
National Aeronautics and Space Administration logo
National Science Foundation logo
US Flag An Official Website of the United States Government