Dynamically Evolving Malware Detection in Streams

Award Information
Department of Defense
Air Force
Phase I
Small Business Information
Sentar, Inc.
315 Wynn Drive, Suite 1, Huntsville, AL 35805
Principal Investigator:
Lyle Johnson
Senior Software Developer
(256) 430-0860
Business Contact:
Sharon Yalowitz
HR/Contracts Manager
(256) 430-0860
Research Institution:
Auburn University
Eric Imsand
Department of Computer Science and Software Engineering
Auburn, AL 36832-6832
(334) 787-9826
Nonprofit college or university
ABSTRACT: The emergence of polymorphic malware poses an increasingly difficult threat to network security. Sentar proposes the development of a Polymorphic Malware Detection Unit that will perform automated detection of dynamically evolving malware as well as zero-day attacks. The Unit will be designed to integrate with existing systems as well as into future systems. Sentar will use predictive data modeling techniques for automated detection of polymorphic malware. These techniques, developed by Sentar team members, are based on regression methods that allow models of nominal conditions to be obtained quickly and simply. Each executable in the runtime stream is treated as a single point in seven-dimensional space. This information can be used rapidly to create classifiers for polymorphic malware detection, and successive exemplars are fed back into the model, producing classifiers of increasingly fine granularity for continuous detection capability. Mature classifiers consist of tree-shaped organizations of data models that have been converted to look-up tables, with each table forming a node within the tree. New nodes are added dynamically, with no requirement for retraining. The result is an adaptive machine learning solution for detection of polymorphic malware.

BENEFIT: Sentar's Cyber Polymorphic Malware Detection Unit is a game changer for cyber security. Because the technology is designed for application to both existing systems and new development programs, there will be numerous opportunities for deployment. Weapon systems, SCADA systems, energy systems and manufacturing systems are all candidates for the technology. As a tool for polymorphic malware detection, it can be used to monitor data streams of executables, it can be configured as a network crawler to verify the health of local area networks, it can be used as a boundary protection tool to enhance or replace current intrusion detection technology, and it can be used to screen incoming email for indications of cyber attack. Sentar views the Polymorphic Malware Detection Unit technology as a marketing wedge, and as creator of the technology, Sentar plans to gain first-mover competitive advantage. The technology will be applicable to a wide range of weapon systems and other mission-critical systems.
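The abstract above describes a pipeline (one seven-dimensional point per executable, a nominal-conditions model fitted from benign exemplars, classifiers stored as a tree of look-up tables that gains nodes as labelled exemplars are fed back, with no retraining of existing nodes) without specifying any of its parts. The following is an added, self-contained illustration of that architecture written for this page; it is not Sentar's code and does not reproduce their method. Everything it fixes is an assumption: the seven byte-statistic features in `extract_features`, a per-dimension range model standing in for the regression-based nominal model, eight bins per dimension when a model becomes a look-up table, and the refinement rule that a conflicting label splits the occupied bin on the next dimension. The feature vectors in `demo()` are constructed, not measurements of real samples.

```python
import math
from collections import Counter

N_DIMS = 7   # each executable is one point in seven-dimensional space (abstract)
BINS = 8     # assumed: bins per dimension when a nominal model becomes a look-up table

def extract_features(blob: bytes) -> tuple:
    """One 7-D point per executable; these byte statistics are assumed features."""
    n = len(blob)
    counts = Counter(blob)
    entropy = -sum(c / n * math.log2(c / n) for c in counts.values())
    printable = sum(c for b, c in counts.items() if 32 <= b < 127) / n
    high_bit = sum(c for b, c in counts.items() if b >= 0x80) / n
    return (entropy, printable, counts.get(0, 0) / n, len(counts) / 256,
            high_bit, max(counts.values()) / n, math.log2(n))

class TableNode:
    """Look-up table over one dimension: each bin maps to a label or a child table."""
    def __init__(self, dim, labelled):        # labelled: [(point, label), ...]
        xs = [p[dim] for p, _ in labelled]
        self.dim, self.lo, self.hi = dim, min(xs), max(xs)
        self.table, self.members = {}, {}     # bin -> label|TableNode, bin -> exemplars
        for p, lab in labelled:
            self.put(p, lab)

    def bin_of(self, point):
        x = point[self.dim]
        if x < self.lo:
            return -1                         # below the modelled range
        if x > self.hi:
            return BINS                       # above the modelled range
        if self.hi == self.lo:
            return 0
        return min(int((x - self.lo) / (self.hi - self.lo) * BINS), BINS - 1)

    def put(self, point, label):
        b = self.bin_of(point)
        self.table[b] = label
        self.members.setdefault(b, []).append((point, label))

class LookupTreeClassifier:
    """Tree of TableNodes; a bin with no entry is reported as 'anomalous'."""
    def __init__(self, nominal_points):
        self.root = TableNode(0, [(tuple(p), "nominal") for p in nominal_points])

    def classify(self, point):
        node = self.root
        while True:
            entry = node.table.get(node.bin_of(point), "anomalous")
            if not isinstance(entry, TableNode):
                return entry
            node = entry

    def feed_back(self, point, label):
        """Absorb a labelled exemplar without retraining: only tables on the point's
        path change; a conflicting label splits that bin on the next dimension."""
        point, node = tuple(point), self.root
        while True:
            b = node.bin_of(point)
            entry = node.table.get(b)
            if isinstance(entry, TableNode):
                node = entry
            elif entry is None or entry == label:
                node.put(point, label)        # new region, or confirming exemplar
                return
            elif node.dim + 1 < N_DIMS:
                child = TableNode(node.dim + 1, node.members[b])
                node.table[b] = child         # assumed refinement rule: split the bin
                node = child
            else:
                node.table[b] = "malicious"   # dimensions exhausted: fail closed
                return

    def node_count(self):
        stack, n = [self.root], 0
        while stack:
            node = stack.pop()
            n += 1
            stack.extend(v for v in node.table.values() if isinstance(v, TableNode))
        return n

def demo():
    """Life cycle on constructed feature vectors (not real samples)."""
    nominal = [(5.0, 0.60, 0.10, 0.80, 0.10, 0.05, 16.0), (5.5, 0.55, 0.12, 0.85, 0.12, 0.05, 17.0),
               (6.0, 0.50, 0.15, 0.90, 0.15, 0.06, 18.0), (6.5, 0.45, 0.18, 0.95, 0.18, 0.06, 19.0)]
    packed = (7.9, 0.05, 0.01, 1.00, 0.50, 0.02, 17.5)    # entropy above the nominal range
    morph_a = (6.0, 0.05, 0.15, 0.90, 0.45, 0.06, 18.0)   # same entropy bin as nominal[2]
    morph_b = (6.05, 0.10, 0.14, 0.92, 0.47, 0.06, 18.1)  # later variant, never fed back
    fresh = (5.25, 0.58, 0.11, 0.82, 0.11, 0.05, 16.5)    # benign, lands in an empty bin
    clf, out = LookupTreeClassifier(nominal), {}
    out["packed"] = clf.classify(packed)                  # 'anomalous'
    out["morph_a_before"] = clf.classify(morph_a)         # 'nominal': missed
    clf.feed_back(morph_a, "malicious")                   # adds one child table
    out["morph_a_after"], out["morph_b"] = clf.classify(morph_a), clf.classify(morph_b)
    out["benign_kept"], out["fresh_before"] = clf.classify(nominal[2]), clf.classify(fresh)
    clf.feed_back(fresh, "nominal")                       # widens the root table
    out["fresh_after"], out["nodes"] = clf.classify(fresh), clf.node_count()
    return out
```

Running `demo()` walks the cycle the abstract sketches: a sample whose entropy lies outside the nominal range is flagged as anomalous with no signature at all; a polymorphic sample that shares the root bin with a benign executable is missed until it is fed back, at which point a single child table is created on the next dimension and both that sample and a later variant are caught, while the benign neighbour keeps its label and every other table is left untouched. The caveat a practitioner should carry away is visible in `feed_back` as well: each split is only as good as the dimension it falls on, and once the seven dimensions are exhausted the bin is marked malicious outright, so feature choice bounds how finely the tree can ever separate colliding populations.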

* Information listed above is as of the time of submission.
