Intelligence researchers seek to find trusted computing similarities in software to pinpoint cyber attacks
WASHINGTON – U.S. intelligence researchers are asking industry to find new ways of analyzing software code to uncover characteristics that will help reveal the identities of cyber attackers.
Officials of the U.S. Intelligence Advanced Research Projects Agency (IARPA) in Washington have issued a broad agency announcement (IARPA-BAA-24-02) for the Securing Our Underlying Resources in Cyber Environments (SoURCE CODE) program. IARPA is the research arm of the U.S. Office of the Director of National Intelligence.
The SoURCE CODE trusted computing program seeks to create scientifically validated forensic similarity and analytic technologies that measure similarity of code and binaries to help analyze hidden information on groups, countries, or individuals, and then provide evidence to help forensic experts find those responsible for cyber attacks.
Cyber attacks on companies and infrastructure have grown significantly and will continue to evolve over time, IARPA researchers warn. Worse, there is a shortage of cyber-forensic experts to help attribute these attacks.
Attribution of these malicious cyber attacks can work to disrupt criminal cyber capabilities and improve law enforcement and intelligence community responses to attacks.
The SoURCE CODE program is a 30-month effort in two phases. The first phase seeks to develop new methods and explore the feature space for source-code-to-source-code and binary-to-binary comparisons of software. The second phase is to extend the capabilities developed in the first phase.
Companies participating are to address three focus areas: feature space generation and extraction; similarity and demographic analytic algorithms; and system explainability.
Feature space generation and extraction may involve neural network approaches, hand-crafted features, or a combination of the two, yielding features that predict similarities and information on suspect countries, groups, or individuals.
The similarity and demographic analytic algorithms area seeks to develop a system that identifies similar binaries in order to uncover specific authors, groups, or countries. System explainability will help explain why a cyber attack may or may not have come from specific countries, groups, or individuals.
SoURCE CODE has one unclassified technical area and two classified technical areas. Details of the classified technical areas are available to qualified providers.
Companies interested should email unclassified responses no later than 22 Jan. 2024 to IARPA at [email protected].
Email questions, concerns, or requests for classified details to Kristopher Reese, the SoURCE CODE program manager, at [email protected]. More information is online at https://sam.gov/opp/2dfa458e47de4480bd1e2cdfc5eb1de7/view.
