Apparatus and Method for Identifying Related Code Variants in Binaries

Reference#: P03366

Malware attacks pose a continuing threat to government and commerce; information security costs are significant and rising because the economics currently favor the attackers. Defenders bear the added costs of each attack individually, with little ability to achieve economies of scale; attacker costs rise very little with each added attack.

  • Software identifies relationships between pieces of executable code (including malware)
    • Creates highly compressed, shareable representations or “fingerprints”
    • Fingerprints populate a library
    • Fast matching algorithms assign a metric of similarity
  • Proven to be reliable, fast, automated and scalable

  • Prototype is ready to be piloted and tested
    • Malware processing lab environment
    • Enterprise-level testing
    • Integration into existing COTS solutions
  • Secure sharing of malware relationships will achieve economies of scale.

Dr. G. R. Jacobovitz
Phone: (443) 778-9899

Additional References:

Published Patent Application