Dynamically Evolving Malware Detection in Streams

Award Information
Agency: Department of Defense
Branch: Air Force
Contract: FA8750-12-C-0143
Agency Tracking Number: F11B-T21-0236
Amount: $99,926.00
Phase: Phase I
Program: STTR
Awards Year: 2012
Solicitation Year: 2011
Solicitation Topic Code: AF11-BT21
Solicitation Number: 2011.B
Small Business Information
Sentar, Inc.
315 Wynn Drive, Suite 1, Huntsville, AL, 35805-
DUNS: 174265736
HUBZone Owned: N
Woman Owned: Y
Socially and Economically Disadvantaged: N
Principal Investigator
Lyle Johnson
Senior Software Developer
(256) 430-0860
Business Contact
 Sharon Yalowitz
Title: HR/Contracts Manager
Phone: (256) 430-0860
Email: sharon.yalowitz@sentar.com
Research Institution
Auburn University
Eric Imsand
Department of Computer Science and Software Engineering
Auburn, AL, 36832-6832
(334) 787-9826
Nonprofit college or university
ABSTRACT: The emergence of polymorphic malware poses an increasingly difficult threat to network security. Sentar proposes the development of a Polymorphic Malware Detection Unit that will perform automated detection of dynamically evolving malware as well as zero-day attacks. The Unit will be designed to integrate with existing systems as well as into future systems. Sentar will use predictive Data Modeling techniques for automated detection of polymorphic malware. These techniques, developed by Sentar team members, are based on regression methods that allow models of nominal conditions to be obtained quickly and simply. Each executable in the runtime stream is treated as a single point defined in seven-dimensional space. This information can be rapidly used to create classifiers useful in polymorphic malware detection, and successive exemplars are fed back into the model, creating increasingly fine-grained classifiers for continuous detection capability. Mature classifiers consist of tree-shaped organizations of data models that have been converted to look-up tables, with each table comprising a node within the tree. New nodes are added dynamically, with no requirement for retraining. The result is an adaptive machine learning solution for detection of polymorphic malware.

BENEFIT: Sentar's Cyber Polymorphic Malware Detection Unit is a game changer for cyber security. Because the technology is designed for application to both existing systems and new development programs, there will be numerous opportunities for deployment. Weapon systems, SCADA systems, energy systems, and manufacturing systems are all candidates for the technology. As a tool for polymorphic malware detection, it can be used to monitor data streams of executables, it can be configured as a crawler to verify the health of local area networks, it can be used as a boundary protection tool to enhance or replace current intrusion detection technology, and it can be used to screen incoming email for indications of cyber attack. Sentar views the Polymorphic Malware Detection Unit technology as a marketing wedge, and as creator of the technology, Sentar plans to gain first-mover competitive advantage. The technology will be applicable to a wide range of weapon systems and other mission-critical systems.

* information listed above is at the time of submission.
