SBIR/STTR Award attributes
The Air Force seeks a software evolution toolbench supporting efforts for malware detection and mitigation. Adversaries constantly modify and evolve malware strains. Proactive defensive tools need to anticipate and consider the possible future forms of malware. The DARWIN project will create workbench software to generate volumes of executable mutations of an input program.

Phase I will prototype the program generation process. Phase II will harden the prototype, build it into a preliminary tool, and enhance the solution for malware detection and mitigation use cases. Phase III will develop a performant and modular tool usable across scientific and DoD communities.

DARWIN will provide key user features including executable program generation for any LLVM-supported platform; mutation and generation of C/C++ programs; support for code or compiled binary inputs; default modes for program generation, malware removal, and vulnerability hardening; flexible tool configuration and algorithm specification; custom database support; a front-end API for external tool integrations; and a flexible compute fabric supporting different platforms.

Its target use cases are: (i) to create programs representative of future in-the-wild mutants of existing malware; (ii) to eliminate malware from infected programs while maintaining functionality; and (iii) to automatically harden programs exhibiting vulnerabilities.

Phase I efforts span the implementation and comprehensive experimental analysis of a genetic algorithm to generate programs based on initial C/C++ code or binaries. The generated programs are expected to execute on any platform with a supported LLVM back end (e.g., x86, ARM, RISC-V, MIPS).