Dynamically Evolving Malware Detection in Streams

Award Information
Agency:
Department of Defense
Amount:
$99,735.00
Program:
STTR
Contract:
FA8750-12-C-0145
Solicitation Year:
2011
Solicitation Number:
2011.B
Branch:
Air Force
Award Year:
2012
Phase:
Phase I
Agency Tracking Number:
F11B-T21-0271
Solicitation Topic Code:
AF11-BT21
Small Business Information
Cipher Tech Solutions, Inc.
407 North Highland Avenue, Upper Nyack, NY, 10960-
Hubzone Owned:
N
Woman Owned:
N
Socially and Economically Disadvantaged:
N
Duns:
626566207
Principal Investigator
 Robert Hohner
 Reverse Engineer & Malware Analyst
 (617) 717-4880
 rhohner@ciphertechsolutions.com
Business Contact
 Adam Eng
Title: VP of Business Development
Phone: (845) 636-9606
Email: aeng@ciphertechsolutions.com
Research Institution
 Northeastern University
 David Kaeli
 360 Huntington Avenue
Boston, MA, 02115-2115
 (617) 373-5413
 Nonprofit college or university
Abstract
ABSTRACT: Security breaches continue to plague the information technology community. The United States Air Force is highly susceptible to malicious software attacks and data leakage, and requires new approaches to protecting systems vulnerable to attacks. Today, virtualization is a technology that is ubiquitous in the datacenter; a recent E-Week survey found that more than 60% of all datacenter platforms will run virtualization software by the end of 2011. Virtualization offers datacenters significantly improved system management and hardware utilization, and provides protection to wide-scale malicious code attacks. Anti-virus software and firewall programs are typically deployed in each guest VM to detect malicious software. These security measures are effective in detecting known malware, but do little to protect against new variants of intrusions. In this STTR Phase I proposal we describe a new methodology that combines virtualization technology and sophisticated machine learning algorithms to protect next generation Air Force computing infrastructure. To provide low-overhead real-time intrusion detection, we argue that protection needs to be added at the virtual machine monitor (VMM) level. Our combined industry/academic team has developed a functional VMM-level detection/recovery prototype that is ready to be deployed in Cipher Tech's commercial environment. BENEFIT: The anticipated benefits of this innovative technology represent a powerful means of protecting sensitive information of the defense and commercial sector. The potential commercial applications range from the software security solutions industry, to the rapidly expanding market for the most secure virtualization techniques.

* information listed above is at the time of submission.
