This Small Business Innovation Research Phase I project aims to design and develop an automated, behavior-based, malware analytics software system. This system addresses the growing problem of significant delay between a malware outbreak and the response from the IT security community. The response time to malware outbreaks is becoming increasingly longer - sometimes as long as 2 months or longer for a given malware instance. The main cause of this problem is two-fold: a) overdependence on manual analysis of the malware in practice today and b) a significant increase in the number of new malware, with the current level as high as 5,000-10,000 unique instances a day. NovaShield, Inc. will develop an automated software system to collect, store, summarize, and categorize the vast amounts of data associated with the thousands of new malware being encountered daily. This automated solution will provide data mining capabilities and data filters for efficient data queries that will help find answers to specific questions about malware and their behavior. The solution will also include tools to capture, view, understand, and query the behaviors of new malware so that the means for detecting them can be developed more rapidly. The proposed research will have broad impact and, if successfully deployed, significant commercial opportunity. By enabling early detection and remediation, the research will lead to improving the response time to malware outbreaks before they have time to do serious damage. The solution will ultimately provide businesses, government agencies, and consumers with better protection against emerging threats than exists today, thereby making their computing environment safer and reducing the financial losses they incur due to malware.
