Award Information
Proposal Title: Malware Prediction
Phase: Phase I
Topic Title: Malware Prediction for Situational Understanding and Preemptive Cyber Defense
Organization: GrammaTech, Inc.
Abstract: GrammaTech will create the CodeSurfer/INSIGHT tool to address the problem of understanding the evolution of malware characteristics and anticipating future malware evolution. INSIGHT will build on these capabilities: (a) GrammaTech's binary analysis tools as enhanced during the DARPA RAPID project, extending them with more sophisticated component identification, type inference, representations of software structure, and improved similarity detection in malware and obfuscated code; (b) GrammaTech's ongoing contributions to the DARPA MUSE project, using its features, similarity and search algorithms, and high-capacity database for storing and retrieving information about malware, extended with new features based on INSIGHT's improvements in binary analysis; (c) GrammaTech's experience in MUSE with feature extraction and pattern recognition specifically applied to code structure of binaries; and (d) the open-source repositories of malware and the data and insights produced in the DARPA CyberGenome project. The result will be a tool that automatically extracts characteristics and aggregate features of a collection of malware, identifying malware families, trends, cross-fertilization, and evolutionary directions. These will provide a human analyst insight into the evolution and relationships within a corpus of binary executables, malware in particular. Both government and commercial clients will use the tool to help anticipate threats to their organizations and infrastructure. Non-malware applications include identifying code borrowing for license tracking, detecting instances of insider threat, and determining differences among different versions of software.
