Topic Information: Malware Prediction for Situational Understanding and Preemptive Cyber Defense

Award/Contract Number: HSHQDC-17-C-00007

Proposal Information: HSHQDC-16-R-00012-H-SB016.1-003-0020-II (HSHQDC-16-R-00012 Phase II)
Hybrid Prediction for Embedded Malware

Company: Red Balloon Security
336 West 37th Street Suite 1024
New York, NY 10018-4592


Predicting malware trends and designing defenses to defeat the next generation of malware is difficult but necessary in order to significantly increase the cost to attackers of developing malware and executing successful attacks. Without such predictions, defenders will continually be defending against yesterday's attacks and will remain unprepared for new threats. Embedded devices are becoming the next target for attackers as traditional workstations and servers become more secure. We will create a hybrid approach to embedded device malware trend prediction. Our approach combines long-term trend prediction using attack graphs with short-term approaches that monitor malware and capture forensic data to provide real-time predictions. A hybrid of short-term and long-term approaches offers several benefits: captured samples confirm or refine the long-term predictions of which evasions and attack paths malware uses, and long-term predictions allow advanced defenses to be positioned in advance to capture malware samples. Our hybridized predictive malware trending scheme will significantly increase situational awareness of both short-term and long-term attack trends. Furthermore, our output will enhance embedded attack incident response capabilities at an enterprise level and predict future attack trends at both tactical and strategic time scales.