I-Corps: Malware Analysis to Generate Important Capabilities

I-Corps：恶意软件分析以生成重要功能

• 批准号: 2020025
• 负责人: Dan Freeman
• 金额: $ 5万
• 依托单位: University of Delaware
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2020
• 资助国家: 美国
• 起止时间: 2020-05-01 至 2022-10-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=2020025&HistoricalAwards=false
• 关键词: Corps; Malware; Analysis; Generate; Important

The broader impact/commercial potential of this I-Corps project is to defeat cyber-adversaries. The proposed technology will use machine learning techniques to automate and discover current unknown malware to provide reliable pre- and post-breach intelligence. The goal for these products is to capable of integration into any existing cybersecurity infrastructure. This technology may be used to gather data from other products to make predictions about the threat landscape. This project will explore the information needs regarding the specific features embedded in the malware code.This I-Corps project is based on the development of a large malware analysis platform that performs static analysis of files to produce state-of-the-art malware characterizations, including representing malware as graphs. These malware detection and classification models have become extremely accurate, thanks to vast amounts of data generated from malware datasets used in the development. After analyzing thousands of different malware families in many ways, these deep learning models have been trained to produce accurate and generalizable models able to detect incoming threats in large organizations and reduce false positives to help combat alert fatigue. This holistic view allows the user to catch novel and heavily obfuscated threats that evade models trained on traditional indicators.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

这个I-Corps项目更广泛的影响/商业潜力是击败网络对手。 拟议的技术将使用机器学习技术来自动化和发现当前未知的恶意软件，以提供可靠的入侵前和入侵后情报。这些产品的目标是能够集成到任何现有的网络安全基础设施中。该技术可用于从其他产品收集数据，以预测威胁状况。 该项目将探讨有关恶意软件代码中嵌入的特定功能的信息需求。该I-Corps项目基于大型恶意软件分析平台的开发，该平台对文件进行静态分析，以产生最先进的恶意软件特征，包括将恶意软件表示为图形。这些恶意软件检测和分类模型已经变得非常准确，这要归功于从开发中使用的恶意软件数据集生成的大量数据。在以多种方式分析了数千种不同的恶意软件家族之后，这些深度学习模型已经过训练，能够生成准确且可推广的模型，能够检测大型组织中的传入威胁，并减少误报，以帮助应对警报疲劳。该奖项反映了NSF的法定使命，通过使用基金会的知识价值和更广泛的影响审查标准进行评估，被认为值得支持。