The Intelligence Advanced Research Projects Activity (IARPA) is seeking to provide novel technologies to improve the response of both law enforcement and the intelligence community (IC) in attributing the sources of malicious cyberattacks.

The program – dubbed Securing Our Underlying Resources in Cyber Environments (SoURCE CODE) – seeks to provide novel technologies to assist forensic experts in making determinations of the most likely attackers based on coding styles in both source code and binary executables.

The program will recruit top talent to measure the similarity between files and provide forensic experts with information on an attacker’s likely origins – including country, groups, individuals, and more. This capability, IARPA explained, will help automatically match similar binaries from known samples, allowing analysts to attribute malicious attacks more rapidly.

“Once fully developed, SoURCE CODE will be a vital supporting tool for forensic experts in both commercial and governmental positions,” SoURCE CODE Program Manager Kris Reese said in a statement on Nov. 20. “As a result, SoURCE CODE will make it more difficult for cyber-criminals to operate without detection and remain anonymous.”

IARPA held a proposers’ day in early October for the SoURCE CODE Program. According to a broad agency announcement posted on SAM.gov on Nov. 15, IARPA is looking to make multiple awards for solutions that fill the program’s mission needs.

Interested parties have until Jan. 22, 2024, to submit their proposals.

Once IARPA selects performers, the SoURCE CODE program is anticipated to be a 30-month effort comprising two phases. Phase one will be 18 months in duration and phase two will last 12 months.

Phase one’s goal is for performers to develop new methods to identify cyberattackers by conducting foundational research on different approaches, theories, and concepts to establish the building blocks of their SoURCE CODE system.

During phase two, performers will seek to extend the capabilities developed in phase one and work across both the source code forensics and binary forensic domains. Program phases are designed to test performer systems against increasingly challenging scenarios. Testing and evaluation of the performers’ systems will be conducted by IARPA’s partners at Sandia National Laboratory, Lawrence Livermore National Laboratory, and the Software Engineering Institute.

SoURCE CODE performers will be expected to have a deep background in computer science, data science, and cyber-forensics research, IARPA said.

“This is of course a challenging field of study, and attribution of attacks goes beyond simply similarity matching – into domains AI may have difficulty understanding,” Reese said. “However, the potential for SoURCE CODE to improve forensic capabilities will contribute to a better understanding of cyberattack origins and advance the IC’s mission.”

Cate Burgan is a MeriTalk Senior Technology Reporter covering the intersection of government and technology.