
Semi-Supervised Algorithms against Malware Evolution (SESAME)

Award Information
Agency: Department of Defense
Branch: Air Force
Contract: FA8750-13-C-0125
Agency Tracking Number: F11B-T21-0014
Amount: $742,000.00
Phase: Phase II
Program: STTR
Solicitation Topic Code: AF11-BT21
Solicitation Number: 2011.B
Timeline
Solicitation Year: 2011
Award Year: 2013
Award Start Date (Proposal Award Date): 2013-08-22
Award End Date (Contract End Date): 2015-08-21
Small Business Information
625 Mount Auburn Street
Cambridge, MA -
United States
DUNS: 115243701
HUBZone Owned: No
Woman Owned: No
Socially and Economically Disadvantaged: No
Principal Investigator
 Avi Pfeffer
 Principal Scientist
 (617) 491-3474
 apfeffer@cra.com
Business Contact
 Mark Felix
Title: Contracts Manager
Phone: (617) 491-3474
Email: mfelix@cra.com
Research Institution
 University of Louisiana at Lafayette
 Ruth Landry
 
104 University Circle
Lafayette, LA 70504-
United States

 (337) 482-5811
 Nonprofit College or University
Abstract

ABSTRACT: Recent years have seen an explosion in the number and sophistication of malware attacks. The sheer volume of novel malware has made purely manual signature development impractical and has led to research on applying machine learning and data mining to automatically infer malware signatures in the wild. Unfortunately, researchers have recently found ways to game the machine learning algorithms and learn to predict which samples the learning algorithms will classify as benign or malicious, thus opening the door for innovative deception on the part of malware developers. To counter this threat, we propose Semi-Supervised Algorithms against Malware Evolution (SESAME), which uses online learning to evolve as new malware is encountered, recognizing novel families and adapting its model of families as they themselves evolve. It uses semi-supervised learning to enable it to learn from both labeled and unlabeled malware. SESAME combines a rich feature set with deep learning algorithms to learn the essential characteristics of malware that enable us to relate novel malware to existing malware. SESAME will be designed to be an enterprise-based system with rapid endpoint classification and learning in the cloud.

BENEFIT: SESAME has profound potential benefit to both military and commercial network defense. It can assist network defenders by triaging incoming samples, identifying novel malware samples, and indicating which samples require further analysis. SESAME can be of benefit in military settings, such as a potential Air Force cyber operations center. SESAME can also be of benefit to Fortune 500 companies who have large networks to defend and limited expert manpower.

* Information listed above is at the time of submission. *
