Dynamically Evolving Malware Detection in Streams

Award Information
Agency:
Department of Defense
Branch:
Air Force
Amount:
$99,735.00
Award Year:
2012
Program:
STTR
Phase:
Phase I
Contract:
FA8750-12-C-0145
Award Id:
n/a
Agency Tracking Number:
F11B-T21-0271
Solicitation Year:
2011
Solicitation Topic Code:
AF11-BT21
Solicitation Number:
2011.B
Small Business Information
407 North Highland Avenue, Upper Nyack, NY, 10960-
Hubzone Owned:
N
Minority Owned:
N
Woman Owned:
N
Duns:
626566207
Principal Investigator:
Robert Hohner
Reverse Engineer & Malware Analyst
(617) 717-4880
rhohner@ciphertechsolutions.com
Business Contact:
Adam Eng
VP of Business Development
(845) 636-9606
aeng@ciphertechsolutions.com
Research Institution:
Northeastern University
David Kaeli
360 Huntington Avenue
Boston, MA, 02115-2115
(617) 373-5413
Nonprofit college or university
Abstract
ABSTRACT: Security breaches continue to plague the information technology community. The United States Air Force is highly susceptible to malicious software attacks and data leakage, and requires new approaches to protecting systems vulnerable to attacks. Today, virtualization is a technology that is ubiquitous in the datacenter; a recent E-Week survey found that more than 60% of all datacenter platforms will run virtualization software by the end of 2011. Virtualization offers datacenters significantly improved system management and hardware utilization, and provides protection against wide-scale malicious code attacks. Anti-virus software and firewall programs are typically deployed in each guest VM to detect malicious software. These security measures are effective in detecting known malware, but do little to protect against new variants of intrusions. In this STTR Phase I proposal we describe a new methodology that combines virtualization technology and sophisticated machine learning algorithms to protect next generation Air Force computing infrastructure. To provide low-overhead real-time intrusion detection, we argue that protection needs to be added at the virtual machine monitor (VMM) level. Our combined industry/academic team has developed a functional VMM-level detection/recovery prototype that is ready to be deployed in Cipher Tech's commercial environment.

BENEFIT: The anticipated benefits of this innovative technology represent a powerful means of protecting sensitive information of the defense and commercial sector. The potential commercial applications range from the software security solutions industry to the rapidly expanding market for the most secure virtualization techniques.

* information listed above is at the time of submission.
