ARCHIVED PAGE - This page is archived and being provided for historical reference.

The Distributed Analytics and Security Institute (DASI) has merged into The Center for Cyber Innovation (CCI). The CCI website is available at

Cyber Phylogeny & Attribution

Dr. Wes McGrew

  1. Develop new tools and methods to reverse-engineer and analyze malicious software. The analysis will identify commonalities among code samples, which can help construct a "family tree" of related malware. The analysis will also identify indicators of authorship for purposes of attribution.
  2. Analysis will be performed on both static malware and dynamic (executing) malware.
  3. Deliverables from the task will include the analytical software and its documentation, as well as technical reports describing the software's construction, application, and performance.

How does this extend the limits of current practice?

New tools and methods will have improved performance characteristics compared to current methods.