Cyber Phylogeny & Attribution

Dr. Wes McGrew
mcgrew@cse.msstate.edu

  1. Develop new tools and methods to reverse-engineer and analyze malicious software. The analysis will identify commonalities among code samples, which can help construct a "family tree" of related malware. The analysis will also identify indicators of authorship for purposes of attribution.
  2. Analysis will be performed on both static malware and dynamic (executing) malware.
  3. Deliverables from the task will include the analytical software and documentation, as well as technical reports describing its construction, application, and performance.

How does this extend the limits of current practice?

New tools and methods will have improved performance characteristics compared to current methods.