Polymorphic Malware Detection

Sentar's Polymorphic Malware Detection Unit (PMDU) project was developed under a research award from the Rome Air Force Research Laboratory.

The PMDU builds fuzzy, mathematically derived patterns that recognise variants of self-mutating (polymorphic) malware. Its machine-learning data-modeling techniques produce fuzzy patterns that find abstract matches, in contrast to the exact byte signatures that traditional anti-virus systems rely on.

This research provided the foundation for Sentar's polymorphic malware analysis skunkworks projects (codenamed ViEX and BAT), which continue to be enhanced today.

The PMDU generates its patterns from a sample set of known-truth (ground-truth) malware.

Sentar developed the underlying techniques for generating general, non-specific patterns that match polymorphic malware: the malware mutates itself, yet the fuzzy pattern still matches.
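To make the contrast between an exact signature and a fuzzy pattern concrete, the following is an added toy illustration written for this page; it is not Sentar's PMDU code, and the page does not describe PMDU's actual model. The byte sequence, the mutation engine (immediate rewriting plus junk NOP insertion) and the "pattern = n-grams shared by every known-truth sample" rule are all assumptions chosen only to show the effect described above: the variant mutates, the verbatim signature stops matching, and the pattern learned from a handful of known-truth samples still does.

```python
"""Added illustration: a fuzzy pattern learned from known-truth samples keeps
matching mutated variants where a byte-exact signature fails.
Toy code, not Sentar's PMDU model; every byte below is constructed."""
import random
from typing import Iterable, Set

NGRAM = 3        # n-gram length used for the fuzzy pattern (assumption)
NOP = 0x90       # junk byte the toy mutation engine inserts

# Constructed stand-in for a code fragment of a malware family: arbitrary bytes,
# not taken from any real sample. 0xB8/0xBB are treated as "mov reg, imm32"
# opcodes whose 4-byte immediates a polymorphic engine is free to rewrite.
BASE = bytes([0x55, 0x89, 0xE5, 0x83, 0xEC, 0x10,
              0xB8, 0x01, 0x00, 0x00, 0x00,
              0xBB, 0x2A, 0x00, 0x00, 0x00,
              0x31, 0xC9, 0xCD, 0x80, 0xC9, 0xC3])


def mutate(code: bytes, rng: random.Random, max_nops: int = 4) -> bytes:
    """Toy polymorphic engine: rewrites each imm32 and sprinkles junk NOPs.

    The immediate always changes (non-zero delta) and at least one NOP is
    inserted at an interior position, so no output is a byte-exact copy.
    """
    out = bytearray(code)
    i = 0
    while i < len(out):
        if out[i] in (0xB8, 0xBB) and i + 4 < len(out):
            old = int.from_bytes(out[i + 1:i + 5], "little")
            new = (old + rng.randrange(1, 2 ** 32)) % 2 ** 32
            out[i + 1:i + 5] = new.to_bytes(4, "little")
            i += 5
        else:
            i += 1
    for _ in range(rng.randint(1, max_nops)):
        out.insert(rng.randrange(1, len(out)), NOP)
    return bytes(out)


def exact_match(signature: bytes, sample: bytes) -> bool:
    """Traditional AV-style check: the signature must appear verbatim."""
    return signature in sample


def ngrams(code: bytes, n: int = NGRAM) -> Set[bytes]:
    """Byte n-grams of the sample with junk NOPs normalised away."""
    stripped = bytes(b for b in code if b != NOP)
    return {stripped[i:i + n] for i in range(len(stripped) - n + 1)}


def learn_pattern(samples: Iterable[bytes]) -> Set[bytes]:
    """Fuzzy pattern = n-grams shared by every known-truth sample. The bytes
    the mutation engine rewrites differ between samples and so drop out."""
    sets = [ngrams(s) for s in samples]
    return set.intersection(*sets) if sets else set()


def fuzzy_score(pattern: Set[bytes], sample: bytes) -> float:
    """Fraction of the pattern's n-grams present in the sample (0.0 .. 1.0)."""
    if not pattern:
        return 0.0
    return len(pattern & ngrams(sample)) / len(pattern)


def demo(seed: int = 7, threshold: float = 0.8) -> dict:
    """Learn from five known-truth variants, then test an unseen variant and
    constructed benign data. Returns the scores rather than printing them."""
    rng = random.Random(seed)
    known_truth = [mutate(BASE, rng) for _ in range(5)]   # training variants
    unseen = mutate(BASE, rng)                            # variant never seen
    benign = bytes(range(0x41, 0x61))                     # constructed clean data
    pattern = learn_pattern(known_truth)
    return {
        "exact_hit_on_unseen": exact_match(BASE, unseen),
        "fuzzy_score_unseen": fuzzy_score(pattern, unseen),
        "fuzzy_score_benign": fuzzy_score(pattern, benign),
        "fuzzy_hit_on_unseen": fuzzy_score(pattern, unseen) >= threshold,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The exact signature misses every mutated variant because the immediates and the inserted NOPs break byte-for-byte identity, while the learned pattern keeps the n-grams from the regions the engine leaves alone and scores the unseen variant close to 1.0 and the benign bytes near 0.0. A real system would learn over far richer features than raw byte n-grams and would have to tune the threshold against false positives on clean executables; that trade-off is the part of the problem this toy does not show.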

The PMDU performs automated detection of dynamically evolving malware as well as zero-day attacks. Sentar developed and applied predictive data-modeling techniques to the automated detection of polymorphic malware in Windows and Linux executables.