SBIR-STTR Award

InnerAwareness: Preemptive Cyber Defense and Situational Understanding Through Memory-Oriented Cyber Genomics and Physiology
Award last edited on: 1/12/2018

Sponsored Program
SBIR
Awarding Agency
DHS
Total Award Amount
$849,833
Award Phase
2
Solicitation Topic Code
H-SB016.1-003
Principal Investigator
Kevin Z Snow

Company Information

ZeroPoint Dynamics LLC

104 South Estes Drive
Chapel Hill, NC 27514
   (919) 645-8002
   N/A
   www.zeropointdynamics.com
Location: Single
Congr. District: 04
County: Orange

Phase I

Contract Number: ----------
Start Date: ----    Completed: ----
Phase I year
2016
Phase I Amount
$99,834
Motivated by a real operational need to tackle threats posed by the onslaught of constantly evolving exploits and malware, this proposal describes techniques for dynamically analyzing malicious documents and malware that address weaknesses in the status quo by (i) focusing on memory-oriented artifacts without the use of traditional sandbox hooks, while at the same time (ii) providing operators with enhanced situational understanding and preemptive malware and exploit defenses. Specifically, we will explore the design and implementation of novel memory-oriented techniques for conducting automated analysis of malware binaries, malicious documents and exploits (i.e. so-called cyber-physiology techniques) that not only assist analysts in understanding their function and intent, but also produce a novel set of outputs (i.e. artifacts, behaviors, code constructs) that, combined, concisely represent human-understandable malware and exploit fingerprints. Second, we will design and implement so-called cyber-genomics techniques for both individually using and collating a multitude of these malware and exploit fingerprints over time, not only to aid in determining their identity, lineage, and provenance, but also to identify trends in fingerprint components that pinpoint key distinguishing characteristics of malware and exploits in future waves of attack.

Phase II

Contract Number: ----------
Start Date: ----    Completed: ----
Phase II year
2017
Phase II Amount
$749,999
Motivated by a real operational need to tackle threats posed by the onslaught of constantly evolving exploits and malware, this proposal describes techniques for dynamically analyzing malware that address weaknesses in the status quo by (i) focusing on memory-oriented artifacts without the use of traditional sandbox hooks, while at the same time (ii) providing operators with enhanced situational understanding and preemptive malware and exploit defenses. Specifically, we will explore the design and implementation of novel memory-oriented techniques for conducting automated analysis of malware binaries (i.e. so-called cyber-physiology techniques) that not only assist analysts in understanding their function and intent, but also produce a novel set of outputs (i.e. artifacts, behaviors, code constructs) that, combined, concisely represent human-understandable malware and exploit fingerprints. Second, we will design and implement so-called cyber-genomics techniques for both individually using and collating a multitude of these malware fingerprints over time, not only to aid in determining their identity, lineage, and provenance, but also to identify trends in fingerprint components that pinpoint key distinguishing characteristics of malware likely to be utilized in future waves of attack.