Binary-Level Malicious Code Pattern Detection Technology

Award Information
Agency:
Department of Defense
Branch:
Missile Defense Agency
Amount:
$749,999.00
Award Year:
2005
Program:
SBIR
Phase:
Phase II
Contract:
W9113M-05-C-0170
Award Id:
69674
Agency Tracking Number:
B041-056-0051
Solicitation Year:
n/a
Solicitation Topic Code:
n/a
Solicitation Number:
n/a
Small Business Information
190 Green Valley Road, Owens Crossroads, AL, 35763
Hubzone Owned:
N
Minority Owned:
N
Woman Owned:
N
Duns:
142295422
Principal Investigator:
Luis Lopez
CTO
(256) 656-9652
luis@hiwaay.net
Business Contact:
Luis Lopez
President
(256) 656-9652
luis@hiwaay.net
Research Institute:
n/a
Abstract
This effort is based on the outcome of a successful Phase I project that demonstrated the feasibility of generating logic pattern-based, OS-platform-independent signatures for malicious program logic and detecting its presence within much larger binary modules. The detection (and localization) of a logic-based signature within a binary executable represents a significant advancement in automated code analysis. It also offers a new capability to test the hardness or vulnerability of protected software modules (e.g., test logic obfuscation hardness, vulnerability to exploitation, etc.). The approach taken involves the development of canonical signatures based on essential logic patterns required for a (malicious) function to occur. When logic patterns of certain malicious codes are extracted, it is also possible to relate logic signatures to specific exploitive behaviors. This results in an OS/language/hardware-independent signature for malicious exploits, strategies and tactics. We can then extract the logic structure from an arbitrary binary and scan it for specific malicious logic. Scanning a binary module requires disassembling and recovering features of the logical implementation (hence, it can potentially violate some software licensing agreements). A Phase II development will support information assurance within MDA's Computer Network Operations and directly support program objectives for the Common Operating Environment (COE).

* information listed above is at the time of submission.
