Hybrid Malware Prediction System

Friday, October 6, 2017 @ 05:10 PM gHale


New York City-based Red Balloon Security, Inc. earned a $746,756 Small Business Innovation Program (SBIR) contract to develop an upgrade to its existing hybrid prediction system for embedded malware detection.

Red Balloon Security, which specializes in embedded device security, will add new capabilities to its Symbiote Defense intrusion-detection system and enhance its current functionality.


The research and development project is being managed by the Department of Homeland Security’s (DHS) Science and Technology Directorate (S&T) Cyber Security Division’s (CSD) Internet Measurement and Attack Modeling (IMAM) project. CSD is part of the Homeland Security Advanced Research Projects Agency.

“Malicious code, more commonly known as malware, is a growing cybersecurity concern mainly because it can run undetected on systems and devices without the user’s knowledge, especially in embedded systems,” said Cyber Security Division Director Douglas Maughan. “This project will strengthen defenses against malware by identifying and countering an intrusion early, before it compromises a device’s sensitive and private information.”

As part of a project entitled “Hybrid Prediction for Embedded Malware,” Red Balloon will design, develop and implement four new capabilities into its Symbiote Defense system:
• Create attack graphs that will catalogue system defenses along various embedded device attack paths
• Develop a live-hardening feature to capture detailed information about malware attacks
• Create an advanced, continuous, real-time monitoring capability that will exfiltrate forensic details of malware actions as the malicious program runs
• Expand the system’s functionality to display malware forensic details and perform post-processing to analyze the details sufficiently so system or network operators can take short-term action without having to wait for expert human analysis

Red Balloon also will test and pilot the upgrades and solicit feedback from users so the updated platform can be further refined.

“We are looking to Red Balloon Security to greatly enhance capabilities to identify cyber-intrusions and speed the reaction time of network and system operators to eliminate a threat,” said S&T IMAM Program Manager Ann Cox.


