So Easy A High-Schooler Could Do It: Static malware analysis using function-level signatures
by James Brahm, Matthew Rogers, and Morgan Wagner

This presentation is a summary of an experimental malware detection method pioneered by three high-school interns at Dynetics. Their solution differs from traditional detection methods in that the malware signatures are unique to a function, not a file, and that the signature generation uses context-triggered piecewise hashing (fuzzy hashing) instead of traditional absolute hashing algorithms such as MD5. The team created software called Malfunction that implements these methods. Preliminary tests indicate that it is capable of identifying the author of a malware sample by comparing it to known malware from that author as well as identifying individual malware “features”.
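
As an added illustration (not code from Malfunction or from the presenters), the sketch below contrasts a whole-file MD5 with per-function fuzzy signatures. It uses a simplified context-triggered piecewise hash written for this example, not ssdeep, and assumes the functions have already been extracted as byte strings; all names, parameters and sample data are constructed.

```python
import hashlib
from difflib import SequenceMatcher

ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"
WINDOW, BLOCK = 7, 32  # assumed rolling-window size and trigger modulus

def fuzzy_sig(data: bytes) -> str:
    """Simplified CTPH: cut a piece wherever the rolling hash hits the trigger."""
    sig, start, roll = [], 0, 0
    for i, byte in enumerate(data):
        roll += byte                      # rolling sum over the last WINDOW bytes
        if i >= WINDOW:
            roll -= data[i - WINDOW]
        if roll % BLOCK == BLOCK - 1 or i == len(data) - 1:
            digest = hashlib.sha256(data[start:i + 1]).digest()
            sig.append(ALPHABET[digest[0] % 64])   # one character per piece
            start = i + 1
    return "".join(sig)

def similarity(a: bytes, b: bytes) -> float:
    """Score 0.0-1.0 from comparing the two piecewise signatures."""
    return SequenceMatcher(None, fuzzy_sig(a), fuzzy_sig(b)).ratio()

def best_matches(sample, known):
    """Best similarity of each function in `sample` to any function in `known`."""
    return [max(similarity(f, k) for k in known) for f in sample]

def file_md5(functions) -> str:
    return hashlib.md5(b"".join(functions)).hexdigest()

def fake_function(seed: str, size: int = 2048) -> bytes:
    """Constructed stand-in for the bytes of one extracted function."""
    out, n = b"", 0
    while len(out) < size:
        out += hashlib.sha256(f"{seed}:{n}".encode()).digest()
        n += 1
    return out[:size]

# Constructed data: a known sample and a variant with one new function,
# one function patched by four bytes, and one function reused unchanged.
KNOWN = [fake_function("decrypt"), fake_function("beacon"), fake_function("persist")]
patched = bytearray(KNOWN[1])
patched[1000:1004] = b"\x90\x90\x90\x90"
VARIANT = [fake_function("new_loader"), bytes(patched), KNOWN[0]]

if __name__ == "__main__":
    print("file MD5 equal:", file_md5(KNOWN) == file_md5(VARIANT))
    for score in best_matches(VARIANT, KNOWN):
        print(f"best function match: {score:.2f}")
```

The whole-file hash no longer matches, while the reused and lightly patched functions still score high against the known sample and the new function does not.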

Bio: James Brahm, Matthew Rogers, and Morgan Wagner are seniors at Grissom High School, where they are part of the nationally-ranked Cybersecurity Team. They are currently employed by Dynetics as malware researchers. They all plan to pursue careers in the defense industry, either in the armed forces or as civilian contractors.

Published 18 February 2015