On November 15, the Intelligence Advanced Research Projects Activity (IARPA) released the broad agency announcement (BAA) for the Securing our Underlying Resources in Cyber Environments (SoURCE CODE) program. Responses are due by 5:00 p.m. Eastern on January 22.

The volume, methods, and complexity of cyberattacks on companies and infrastructure have grown significantly and will continue to evolve over time. These cyberattacks – whether on government systems or private companies – pose a serious threat to national security. At the same time, there is a shortage of cyber expertise to fill all necessary cyber-focused positions in the commercial world. This challenge holds true for cyber-forensic experts, who play an important role in attributing these attacks and so help inform companies and governments about the threats facing the U.S. Attribution of these malicious attacks can help disrupt criminal cyber capabilities and improve law enforcement and intelligence community responses to attacks.

The SoURCE CODE program seeks to provide novel technologies to assist forensic experts in determining the most likely attackers based on coding styles. The program will explore full feature spaces in binary code and source code files to measure the similarity between files and provide information to forensic experts as to the likely origins (country, groups, individuals, etc.). This capability would enable the automated matching of similar binaries from known samples, allowing analysts to speed up the attribution of malicious attacks to improve law enforcement and intelligence community responses.

SoURCE CODE will create novel methods and technologies that go beyond the common lexical and syntactic features explored in prior literature; these might include semantic and behavioral features that may prove salient for similarity and demographic traits. The program will create scientifically validated forensic similarity and analytic technologies that allow for a measure of similarity of code and binaries and that provide additional information or components of the code that may assist in analyzing hidden demographic information (groups, countries, or individuals where possible). SoURCE CODE systems shall provide evidence or explanations, beyond just a similarity score, to assist forensic experts in making a final attribution.


Source: SAM
