SBIR Phase I: Building Extensible and Customizable Binary Code Analytics Engine for Malware Intelligence as a Service

SBIR 第一阶段：为恶意软件情报即服务构建可扩展且可定制的二进制代码分析引擎

• 批准号: 1746819
• 负责人: Xunchao Hu
• 金额: $ 22.5万
• 依托单位: DEEPBITS TECHNOLOGY LLC
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2018
• 资助国家: 美国
• 起止时间: 2018-01-01 至 2019-08-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1746819&HistoricalAwards=false
• 关键词: SBIR; Phase; Building; Extensible; Customizable

The broader impact/commercial potential of this Small Business Innovation Research (SBIR) Phase I project is to spark more cybersecurity innovations, by reducing the R&D expenditures via providing fundamental security analytics tools as a service. Global cybersecurity spending is increasing significantly year over year. Enormous R&D resources have been invested in the development of a range of security products to meet this market. However, different security product providers repeatedly build the fundamental security analytics tools and use them to further develop different innovative security solutions. That is a huge waste of R&D resources. The proposed solution reduces the R&D expenditure of customers and lowers the entry bar for the growing cybersecurity market. With the lowered entry bar, the company anticipates that more innovations will be put into practice. As a result, with the increased competition and reduced R&D expenditure, the company expects a reduction in cybersecurity spending by companies and the government.This Small Business Innovation Research (SBIR) Phase I project focuses on malware intelligence, which has been a long-standing as well as increasingly complex cybersecurity problem. Traditional signature based detection and manual reverse engineering approaches can no longer keep up with the pace of increasingly sophisticated obfuscation and attack techniques. The objective of this project is to develop a security analysis tool for malware intelligence by combining the following two unique techniques: "whole-system emulation based dynamic binary analysis" and "deep-learning based binary code similarity detection". The first technique provides a fine-grained monitor capability to observe the behaviors of malware. The second technique provides the capability of learning and characterizing complex features. By combining these two techniques, the proposed technology will be able to better understand malware and generate actionable intelligence.

小型企业创新研究(SBIR)第一阶段项目的更广泛影响/商业潜力是通过提供基础安全分析工具作为服务来减少研发支出，从而激发更多网络安全创新。全球网络安全支出逐年大幅增长。为了满足这一市场，我们投入了大量的研发资源来开发一系列安全产品。然而，不同的安全产品提供商重复构建基本的安全分析工具，并使用它们来进一步开发不同的创新安全解决方案。这是对研发资源的巨大浪费。拟议的解决方案减少了客户的研发支出，并降低了日益增长的网络安全市场的准入门槛。随着准入门槛的降低，该公司预计将有更多创新付诸实践。因此，随着竞争的加剧和研发支出的减少，该公司预计公司和政府的网络安全支出将会减少。这个小企业创新研究(SBIR)第一阶段项目专注于恶意软件情报，这是一个长期存在且日益复杂的网络安全问题。传统的基于签名的检测和人工逆向工程方法已经跟不上日益复杂的混淆和攻击技术的步伐。本项目的目标是通过结合以下两种独特的技术：基于全系统仿真的动态二进制分析和基于深度学习的二进制代码相似度检测，开发一个针对恶意软件情报的安全分析工具。第一种技术提供细粒度监视功能来观察恶意软件的行为。第二种技术提供了学习和描述复杂特征的能力。通过将这两种技术结合起来，拟议的技术将能够更好地理解恶意软件并生成可操作的情报。