Malware Understanding using Dependence Graphs, Clustering, and Mining.

Award Information
Agency:
Department of Defense
Amount:
$100,000.00
Program:
STTR
Contract:
W911NF-11-C-0241
Solitcitation Year:
2011
Solicitation Number:
2011.A
Branch:
Army
Award Year:
2011
Phase:
Phase I
Agency Tracking Number:
A11A-020-0014
Solicitation Topic Code:
A11a-T020
Small Business Information
NovaShield, Inc
918 Deming Way, Floor 3, Madison, WI, 53717-1945
Hubzone Owned:
N
Woman Owned:
N
Socially and Economically Disadvantaged:
N
Duns:
621641252
Principal Investigator
 Gregory Zelesnik
 Director, NovaShield Labs
 (608) 833-2610
 gzelesnik@novashield.com
Business Contact
 Praveen Sinha
Title: Chief Executive Officer
Phone: (608) 833-2610
Email: psinha@novashield.com
Research Institution
 University of Wisconsin - Madison
 Cheryl E Gest
 21 N. Park Street
Room 6410
Madison, WI, 53715-
 (608) 262-4880
 Nonprofit college or university
Abstract
The number of distinct malware being released into the wild is growing at an alarming rate. Some IT security companies are seeing more than 5,000 new malware instances each day. IT security companies can no longer keep pace with this deluge using manual, labor-intensive malware analysis techniques for generating specifications that detect them. There is a need for proven and deployable automated malware analysis techniques that can analyze large volumes of malware quickly and accurately. Researchers performing work in the area of behavior-based malware analysis are exploring new techniques that will address this problem: automated dependence graph construction; graph mining tools that identify specific behaviors in a dependence graph; semi-automated specification generation; and malware classification using clustering techniques. In this Phase I STTR proposal, NovaShield, Inc. will focus on malware understanding and aspects of malware classification. More specifically, NovaShield will concentrate on dependence graph construction algorithms that build rich dependence graphs efficiently, as well as clustering techniques that organize malware into families based on their behavior profiles. This will lay the groundwork for creating techniques that perform behavior mining and automated generation of behavior specifications for detecting malware, which will be pursued in Phase II.

* information listed above is at the time of submission.

Agency Micro-sites

US Flag An Official Website of the United States Government