Polymorphic Malware Detection
Sentar's Polymorphic Malware Detection Unit (PMDU) project was developed under a research award from the Rome Air Force Research Laboratory.
The PMDU creates fuzzy, math-oriented patterns to recognize variations of self-mutating malware, a behaviour known as polymorphism. Its machine-learning data modeling techniques create fuzzy patterns that are used to discover abstract matches, rather than the traditional fixed signatures used by anti-virus systems.
This research provided the foundation of Sentar's Polymorphic malware analysis skunkworks projects, which continue being enhanced today (codenamed ViEX and BAT).
The PMDU generates patterns from a sample set of known (ground-truth) malware.
Sentar developed the underlying techniques for generating general, non-specific patterns that match polymorphic malware. This is a big deal: the malware self-mutates and the fuzzy pattern still matches.
The PMDU performs automated detection of dynamically evolving malware as well as zero-day attacks. Sentar developed and used predictive data modeling techniques for automated detection of polymorphic malware in Windows and Linux executables.
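To make the contrast between a fixed signature and a fuzzy pattern concrete, here is an added toy example; it is not Sentar's PMDU code and does not reproduce its modeling techniques. It assumes a simple byte 3-gram approach: a pattern is built from a few known-truth samples by keeping the 3-grams shared across most of them, and an unseen sample is scored by the weighted fraction of those 3-grams it contains. The "malware" samples are constructed byte strings standing in for executable content, with filler bytes and block reordering standing in for the mutations a polymorphic engine applies.

```python
from collections import Counter

def ngrams(data: bytes, n: int = 3) -> Counter:
    """Count the byte n-grams of a sample (the features the fuzzy pattern is built on)."""
    return Counter(data[i:i + n] for i in range(len(data) - n + 1))

def build_fuzzy_pattern(samples: list, n: int = 3, min_support: float = 0.6) -> dict:
    """Keep the n-grams present in at least `min_support` of the known-truth samples.

    Each retained n-gram is weighted by the fraction of samples it appears in, so
    features that survive every mutation count for more than incidental ones.
    """
    doc_freq = Counter()
    for sample in samples:
        doc_freq.update(set(ngrams(sample, n)))
    k = len(samples)
    return {g: c / k for g, c in doc_freq.items() if c / k >= min_support}

def fuzzy_score(pattern: dict, data: bytes, n: int = 3) -> float:
    """Weighted fraction of the pattern's n-grams found in `data` (0.0 .. 1.0)."""
    present = set(ngrams(data, n))
    total = sum(pattern.values())
    if total == 0:
        return 0.0
    return sum(w for g, w in pattern.items() if g in present) / total

def exact_signature_match(signature: bytes, data: bytes) -> bool:
    """Traditional anti-virus style check: the literal byte sequence must occur."""
    return signature in data

def classify(pattern: dict, data: bytes, threshold: float = 0.6) -> bool:
    """Flag a sample as a match when its fuzzy score reaches the threshold."""
    return fuzzy_score(pattern, data) >= threshold

# Constructed stand-ins for code blocks of a fictitious malware family; the labels
# are arbitrary and carry no real instruction bytes.
BLOCKS = [b"decode_payload", b"resolve_api", b"write_file", b"persist_run", b"connect_home"]

# Known-truth samples: the same blocks with different filler bytes and ordering,
# imitating what a polymorphic engine does between generations.
TRAINING = [
    b"".join(BLOCKS),                                            # original layout
    b"\x90\x90".join(BLOCKS),                                    # filler inserted between blocks
    b"\x00".join([BLOCKS[0], BLOCKS[2], BLOCKS[1], BLOCKS[3], BLOCKS[4]]),  # blocks reordered
]

# An unseen generation (different filler, different order, trailing junk) and a benign file.
UNSEEN_VARIANT = b"::".join([BLOCKS[0], BLOCKS[3], BLOCKS[1], BLOCKS[2], BLOCKS[4]]) + b"<junk>"
BENIGN = b"hello world this is a plain text document with nothing suspicious in it"

# A fixed signature taken from the original layout, as a traditional scanner would use.
SIGNATURE = b"decode_payloadresolve_api"

PATTERN = build_fuzzy_pattern(TRAINING)

if __name__ == "__main__":
    for name, sample in [("original", TRAINING[0]), ("filler", TRAINING[1]),
                         ("unseen", UNSEEN_VARIANT), ("benign", BENIGN)]:
        print(f"{name:9s} signature={exact_signature_match(SIGNATURE, sample)!s:5s} "
              f"fuzzy={fuzzy_score(PATTERN, sample):.2f} match={classify(PATTERN, sample)}")
```

The exact signature only fires on the original layout; as soon as filler bytes separate the blocks it misses. The fuzzy pattern, built from three known-truth generations, still scores the unseen fourth generation at the top of the scale while the benign text scores near zero. Real detectors replace the 3-gram profile with richer features and a learned model, but the shift from "does this byte string occur" to "how much of the learned pattern is present" is the same.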