Cybersecurity is a critical concern for Air Force embedded and other systems such as UAVs, and vulnerabilities can be introduced through various channels, including supply chains, open-source components, and maintenance and repair providers. Malware is one such attack vector that can compromise the security of these systems.

InfoBeyond's proposed technology, AutoGenMalware, is designed to address this issue by automating the generation of zero-knowledge, behavior-centric malware samples. These samples can improve the anti-malware capability of detection tools and provide a quantitative measure of the effectiveness of cyber-resilient defenses.

The repository of malware samples provided by AutoGenMalware can be used to train machine learning models and other detection tools to identify and mitigate emerging threats more effectively. By constantly updating the repository with new samples, the system can stay up-to-date with the latest malware variants and help to ensure that Air Force embedded systems remain secure against cyber-attacks.

The use of advanced technologies such as AutoGenMalware can help to strengthen the cybersecurity of Air Force embedded systems and ensure that they remain resilient against emerging threats in the ever-evolving digital landscape. Technically, AutoGenMalware implements malware perturbation by means of optimization algorithms that drive iterative malware generation. The perturbation iterations are evolved to produce malware that evades detection by current malware scanning tools. The generated malware repository offers:

  • Executable and Evasive: AutoGenMalware creates mutated versions of malware in a valid executable format. At the same time, the variants evade detection, causing misclassification when submitted to state-of-the-art anti-malware tools.
  • Windows and Linux-like Systems: AutoGenMalware can generate samples for both Windows and Linux-like systems, i.e., Portable Executable (PE) files for Windows and Executable and Linkable Format (ELF) files for embedded Linux operating systems.
  • Coverage and Quantification: AutoGenMalware offers full coverage of malware generation (known and unknown malware) in support of stringent security requirements for cyber systems. The perturbed malware is of high quality, as measured with metrics. Quantified metrics enable cyber-protection developers to account for the unknowns (knowledge, skills, and resources) of real adversaries.

AutoGenMalware provides anti-malware systems with the capability to train their detection models and enhance their cyber-resilient solutions by generating voluminous malware test samples with guaranteed effectiveness in terms of evasion, originating behavior, adversary-like properties, and more. The malware variants generated by AutoGenMalware are effective in terms of malignancy, detection rate, similarity, generation success, and other metrics, and can be evaluated using sandboxing, deep-learning (DL) detection models, black-box optimization, and commercial anti-malware solutions such as Avast, AVG, BitDefender, and Kaspersky.

AutoGenMalware employs a zero-knowledge approach: it automatically generates variants as real adversaries would, without making assumptions, so the format and behavior of the malware samples are realistic. Training anti-malware systems on these samples lets them proactively protect themselves against new threats from real adversaries.

Beyond enhancing cyber-resilient solutions, AutoGenMalware can also serve as a co-evolving protection system that detects, responds, and adapts to unforeseen threats, making it an effective tool for building a practical cyber-immune system that enhances security in cyber systems.