Flexible and Adaptive Malware Identification Using Techniques from Biology

Abstract:

The holy grail in cyber analytics is to find new ways to understand the information we already have access to. One way to do that is to characterize the data into reasonable sizes and then leverage any known information to generate new insights. Biologists have been using a similar process for decades. This paper introduces the MLSTONES tool set that was developed by leveraging biology and bioinformatics, high-performance computing, and statistical algorithms applied to cyber data and specifically to malware. Furthermore, the paper discusses the tool suite, its applications, and how it compares to or can work with other related tools.


AUTHORS

Photo of Elena Peterson

Pacific Northwest National Laboratory
Richland, Washington, United States

Elena Peterson joined the Pacific Northwest National Laboratory in 1990 after getting a bachelor’s degree in Computer and Information Science from the University of Oregon. She is currently a Senior Cyber Security Research in the Computation and Analytics division. Ms. Peterson has led the research, development, and management of multiple cross-disciplinary, multi-laboratory projects focused in the areas of cyber security, fundamental sciences, and national security. Her work has included research and development of integration computational environments for bioinformatics, physics, computational chemistry, and cyber security. She is currently the principal investigator for the MLSTONES project, which applies algorithms and tools from the biological sciences to create new and innovative solutions to relevant cyber security problems, thus merging two of her main interests. More recently she has become the Program Manager for Cyber.gov which aims to improve the cyber security posture of all departments and agencies in the government. She continues to focus on research and development in major national and cyber security interests as well as maintaining work in the fundamental sciences.

Photo of Aaron Phillips

Pacific Northwest National Laboratory
Richland, Washington, United States

Aaron Phillips is a software engineer at Pacific Northwest National Laboratory in Richland, Washington. He has 10 years of experience engineering software in support of cyber security and bioinformatics research applications. He earned a B.S. degree in Computer Science from the University of Idaho.

Photo of Richard Griswold

Pacific Northwest National Laboratory
Richland, Washington, United States

Richard Griswold is a cyber security researcher at Pacific Northwest National Laboratory with almost 20 years of experience in malware analysis, reverse engineering, networking, and embedded system development.  He has a master's degree in Computer Science from Washington State University and a bachelor's degree in Computer Science from the University of Alaska Fairbanks.

Photo of Keith Star

Pacific Northwest National Laboratory
Richland, Washington, United States

Keith Star is passionate about malware. His research interests cover disassembly, obfuscation, and semantic analysis.

Photo of Christopher Oehmen

Pacific Northwest National Laboratory
Richland, Washington, United States

Christopher Oehmen received his B.A. in Physics and Mathematics from Saint Louis University in 1995 and M.S. and Ph.D. degrees in Biomedical Engineering in 1999 and 2003 respectively from the Joint Graduate Program in Biomedical Engineering at the University of Memphis and University of Tennessee Health Science Center. Chris is now at PNNL as a research scientist, previously serving as the lead for the Asymmetric Resilient Cybersecurity Initiative. His research is built on a foundation of high-performance computing applications in biology, with special emphasis on how these biological approaches can be used as a new paradigm for other fields such as cybersecurity. His resilience and active defense work rely on a foundational application of biological principles for survivability and regeneration with special emphasis on facilitating human control of complex systems.

Journal of Information Warfare

The definitive publication for the best and latest research and analysis on information warfare, information operations, and cyber crime. Available in traditional hard copy or online.

Quick Links

View the latest issue of JIW.

Latest Edition

Purchase a subscription to JIW.

Subscribe

Keywords

C

C2
C2S
CDX
CIA
CIP
CPS

D

DNS
DoD
DoS

I

IA
ICS

S

SOA

X

XRY

Quill Logo

The definitive publication for the best and latest research and analysis on information warfare, information operations, and cyber crime. Available in traditional hard copy or online.

SUBSCRIBE NOW

Get in touch

  • Journal of Information Warfare
    21 North Broad Street
    Suite 2-H
    Luray, VA 
    22835 
  • 757.581.9550
  • JIW@ArmisteadTec.com