SBIR/STTR Award attributes
It has been observed that cyber-attacks are increasing in both prevalence and sophistication. Most existing cyber defense systems still rely on aging signature-matching techniques, which current malware can easily evade through polymorphic methods such as obfuscation. In this effort, IAI proposes to develop DeepDefense, a deep-learning-based cyber defense system to effectively detect and mitigate zero-day attacks. DeepDefense detects zero-day cyber-attacks by analyzing software program behaviors, which cannot be evaded by any polymorphic methods. DeepDefense utilizes deep-learning-based artificial intelligence methods to automatically identify benign and malicious behaviors. DeepDefense is implemented and run at the host end. Thus, DeepDefense is network-agnostic and can provide uninterrupted security protection even in an encrypted network environment. The intrusion detection results from DeepDefense can be easily reported to an existing SIEM system to improve security capabilities for mitigating zero-day attacks. Together, DeepDefense will provide advanced intrusion detection/mitigation capabilities to enterprise networks, and provide continuous and uninterrupted security protection against zero-day attacks. Our Phase I DeepDefense prototype showed superior attack intrusion detection results. In Phase II, we plan to further mature the DeepDefense technology and prepare for successful technology commercialization.