DISA asks industry for trusted computing ways of using artificial intelligence (AI) to detect malware

SCOTT AIR FORCE BASE, Ill. – U.S. military trusted computing researchers are asking industry for news ways to apply artificial intelligence (AI) and machine learning to cyber security to detect malware and prevent it from infecting military computers and data networks.

Officials of the The Defense Information Systems Agency (DISA) at Scott Air Force Base, Ill., issued a sources-sought notice this week (PL84110001) for the Signatureless Endpoint Protection (SEP) Prototype Pilot-Test program.

DISA wants a SEP solution that detects and prevents malware by applying AI, algorithmic science, and machine learning for analyzing the potential existence of computer files and file executions for malware.

The solution should rely on AI and machine learning to analyze malware at the DNA-level, require minimal updates, work on air-gapped networks, predict cyber malware threats, and prevent malware from exploiting system vulnerabilities.

Related: DISA launches cyber review framework for military information network infrastructure

Sponsoring this project are officials of the DISA Development and Business Center Cyber Development Directorate Innovation Office.

Computer systems today typically guard against malware by comparing signature files for known malware exploits. Instead, DISA intends to audit signatureless endpoint solutions to compare and contrast with existing cyber security tools.

DISA is looking for a solution to eliminate zero-day attacks where the AI/machine learning engine does not depend on signature file repositories in trusted computing attempts to identify and remove malware. Target client systems include Microsoft Windows server/desktop, Linux, and MAC.

The solution should be able to detect and block unknown malware on or off the DISA Network (DISANet) with an accurate AI-derived local detection engine.

Related: Developing a secure COTS-based trusted computing system: an introduction

The solution should not require continuous cloud connectivity or signature updates, and work in open and isolated networks with an on-premise option. It should be able to run alongside any existing standard anti-virus products without interference.

The solution should have a central management component able to deploy, manage, and centrally report client components and events. The cyber security management interface should be able to establish central configuration of policies of each client, and be intuitive and easy to use with minimal training.

The solution should provide other detection and prevention features including fileless malware, exploit prevention, script control, device control, and application control. It should be able explicitly to block powershell and activescript interpreters while still allowing specific scripts to execute.

Related: Lockheed Martin continues work on National Cyber Range training for exceptionally virulent code

The solution should be able to integrate with any standard security information and event management (SIEM) solution for output of alerts and reports, and have minimal performance impact on network bandwidth, host memory, disk, and central processing unit (CPU).

Companies interested should email white papers no later than 24 Sept. 2018 to DISA's Kevin Poore at [email protected].

For questions or concerns contact DISA's Kevin Poore by phone at 618-418-6263, or by email at [email protected]. Also phone DISA's Vanessa McCollum at 618-229-9776.

More information is online at https://www.fbo.gov/spg/DISA/D4AD/DITCO/PL84110001/listing.html.

Ready to make a purchase? Search the Military & Aerospace Electronics Buyer's Guide for companies, new products, press releases, and videos