Flexible and Adaptive Malware Identification Using Techniques from Biology
Abstract:
The holy grail in cyber analytics is to find new ways to understand the information we already have access to. One way to do that is to characterize the data into reasonable sizes and then leverage any known information to generate new insights. Biologists have been using a similar process for decades. This paper introduces the MLSTONES tool set that was developed by leveraging biology and bioinformatics, high-performance computing, and statistical algorithms applied to cyber data and specifically to malware. Furthermore, the paper discusses the tool suite, its applications, and how it compares to or can work with other related tools.
AUTHORS
Pacific Northwest National Laboratory
Richland, Washington, United States
Elena Peterson joined the Pacific Northwest National Laboratory in 1990 after getting a bachelor’s degree in Computer and Information Science from the University of Oregon. She is currently a Senior Cyber Security Researcher in the Computation and Analytics division. Ms. Peterson has led the research, development, and management of multiple cross-disciplinary, multi-laboratory projects focused in the areas of cyber security, fundamental sciences, and national security. Her work has included research and development of integrated computational environments for bioinformatics, physics, computational chemistry, and cyber security. She is currently the principal investigator for the MLSTONES project, which applies algorithms and tools from the biological sciences to create new and innovative solutions to relevant cyber security problems, thus merging two of her main interests. More recently she has become the Program Manager for Cyber.gov, which aims to improve the cyber security posture of all departments and agencies in the government. She continues to focus on research and development in major national and cyber security interests as well as maintaining work in the fundamental sciences.
Pacific Northwest National Laboratory
Richland, Washington, United States
Aaron Phillips is a software engineer at Pacific Northwest National Laboratory in Richland, Washington. He has 10 years of experience engineering software in support of cyber security and bioinformatics research applications. He earned a B.S. degree in Computer Science from the University of Idaho.
Pacific Northwest National Laboratory
Richland, Washington, United States
Richard Griswold is a cyber security researcher at Pacific Northwest National Laboratory with almost 20 years of experience in malware analysis, reverse engineering, networking, and embedded system development. He has a master's degree in Computer Science from Washington State University and a bachelor's degree in Computer Science from the University of Alaska Fairbanks.
Pacific Northwest National Laboratory
Richland, Washington, United States
Keith Star is passionate about malware. His research interests cover disassembly, obfuscation, and semantic analysis.
Pacific Northwest National Laboratory
Richland, Washington, United States
Christopher Oehmen received his B.A. in Physics and Mathematics from Saint Louis University in 1995 and M.S. and Ph.D. degrees in Biomedical Engineering in 1999 and 2003 respectively from the Joint Graduate Program in Biomedical Engineering at the University of Memphis and University of Tennessee Health Science Center. Chris is now at PNNL as a research scientist, previously serving as the lead for the Asymmetric Resilient Cybersecurity Initiative. His research is built on a foundation of high-performance computing applications in biology, with special emphasis on how these biological approaches can be used as a new paradigm for other fields such as cybersecurity. His resilience and active defense work rely on a foundational application of biological principles for survivability and regeneration with special emphasis on facilitating human control of complex systems.
Published In
Journal of Information Warfare