Riverside Research’s Cyber Lab is currently developing a set of smart tools called "DigR" which is intended to increase an analyst’s effectiveness in understanding malware and discovering vulnerabilities. DigR uses intelligent instrumentation to stealthily monitor an operating system (OS) or application on a remote system. Cyber analysts can collect information about the behavior and effects of running an OS or application, egress that data, and automatically decompose it into something that is easily understood. DigR is capable of importing files from several popular reverse-engineering tools, and its pluggable architecture and comprehensive application programming interface (API) allow cyber analysts to develop their own plug-ins with ease.
The Cyber Research Lab is developing tools and heuristics to raise the abstraction level of binary analysis. For instance, our team is working on a domain specific language to allow analysts to capture their knowledge and problem-solving process in a set of higher-level heuristics. This will allow less experienced analysts to quickly learn what elements are important, how to experiment with a binary, and how to make decisions about whether a program should be trusted. This should reduce the training time for a cyber analyst and increase the organization’s overall computer and network security capability.