OMB Individually Reported

Malware Reverse Engineering

Low riskExact public inventory row

Description

This AI capability uses deep learning to assist CISA analysts with understanding the content of malware samples, automating tasks such as triage and indicator extraction.

Detailed example

A report is generated from malware samples submitted to the analysis pipeline that is then used by human analysts to facilitate the malware triage process. Additional recommendations are displayed via plugins to reverse engineering tools.

AI / analytics pattern

Classical/Predictive Machine Learning: Models trained on data to make predictions or classifications based on identified patterns or relationships.

Automation level / stage

a) Pre-deployment – The use case is in a development or acquisition status.

Expected benefit

This use case delivers improved internal government tools for reverse engineering of malware and speeding the development of cyber threat intelligence that can be shared across the government and with CISA partners. Threat actors can leverage the same malware for long periods of time, so having the ability to improve analysis and generation of shareable cyber threat intelligence forces threat actors to spend more resources generating new malware. Machine learning and other analytical tools are leveraged to guide malware analysts and automate elements of the manual reverse engineering process. Automation of tasks such as triage and indicator extraction allow threat hunting analysts to meet high demand and focus more on adversary response.

Controls / human review

ATO: Not reported; PIA: Not published