Cyber research & development
BAE Systems’ cyber and communications technologies research addresses emerging challenges in cybersecurity for military systems. This encompasses cyber-defensive techniques that do not degrade performance, and tailored cyber operations that improve mission effectiveness. With 75 percent of our staff holding advanced degrees, the company executes extensive cutting-edge research for DARPA (Defense Advanced Research Projects Agency), military service labs, and the intelligence community.
Performance-preserving cyber defense
BAE Systems’ Cyber Defense and Networking group innovates proactive and reactive cyber defense offerings for hosts and networks. Ongoing research to protect the host provides built-in security techniques, including extensions to software compilers, automatic security analysis of binaries, and binary transformations. BAE Systems’ innovative network coding, multipath forwarding, and transport protocol adaptation provide networking that balances performance, privacy, and cyber-robustness. Cross-cutting research in host and network systems focuses on exposing cyber threats, such as insiders and zero-day vulnerabilities, through novel cyber sensing, reputation-based networking, and automated response, while simultaneously minimizing the resulting system overhead.
Mission enhancement through cyber operations systems
BAE Systems is extending the science of cyber operations through the development of algorithms, tools, and techniques to automate cyber development activities for faster and more effective operation. The company’s Automated Reverse Engineering (ARE) tool suite uses automated analysis to determine whether any potential backdoors or exploitable features are present in software. Unlike some solutions, ARE does not require source code for its analysis; it is designed to work from component binaries alone. This is highly desirable because source code is not always available. ARE allows analysts to compute solutions for a variety of cyber missions. Leveraging the latest advances in computer science and mathematics, this research focuses on methods and tools that create a force multiplier for our cyber warriors.
Cyber capabilities highlights
Restoring the power grid
We are researching and developing technology designed to quickly restore power to the U.S. electric grid after a catastrophic failure caused by a cyber attack.
As part of the RADICS (Rapid Attack Detection, Isolation, and Characterization Systems) program with the Defense Advanced Research Projects Agency, the technology being developed aims to:
- Quickly isolate both enterprise IT and power infrastructure networks from all conduits of attack.
- Establish a secure emergency network among trusted organizations to enable the coordination necessary to restore power to the grid.
Learn more in our article Developing technology to speed electric power restoration after cyber attacks.
Cyber attack prediction
As part of IARPA's Cyber-attack Automated Unconventional Sensor Environment (CAUSE) program, we are developing technology that will accurately predict and automatically provide timely warnings of cyber threats against participating organizations, allowing for defensive actions ahead of an attack. New predictive methods will combine existing advanced intrusion detection capabilities with unconventional publicly available data sources, leveraging sources not usually associated with cybersecurity.
Safety on Untrusted Network Devices (SOUND)
SOUND monitors and protects networks from persistent threats and provides administrators with situational awareness of network activity. It uses existing network infrastructure to aggregate network actions over time into reputation values, isolating untrustworthy participants from the Community of Trust. This technology was developed as part of DARPA's Mission-Oriented Resilient Clouds program.
Automated Reverse Engineering (ARE)
Automated Reverse Engineering allows for static and dynamic analysis on multiple platforms, and solves the challenge of detecting potential problems in a binary without directly running it. ARE allows for validation of the binary against specifications and provides a way to inspect binary files.
BAE Systems’ current R&D efforts in the taint analysis area include algorithm design to improve runtime efficiency, using math to simplify and optimize the process. Taint analysis provides insight into program execution logic, helping to answer questions such as: Where did this value come from? Where does it go? What could cause the program to do this particular thing we can see statically? One of BAE Systems’ discriminators is the ability to analyze taint both statically and dynamically.
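The two questions above ("Where did this value come from? Where does it go?") can be shown with a small dynamic taint tracker. This is an added example, not BAE Systems' code or ARE's algorithm; the trace format, variable names, and source and sink labels are all constructed for illustration.

```python
# Added illustration of dynamic taint propagation over a recorded trace.
# The trace, variable names, and source/sink labels are constructed.
# Each step is (destination, operation, operands).
TRACE = [
    ("req",   "source",    ["network_recv"]),   # untrusted input enters
    ("cfg",   "source",    ["config_file"]),    # second, distinct origin
    ("n",     "parse_int", ["req"]),
    ("limit", "parse_int", ["cfg"]),
    ("size",  "min",       ["n", "limit"]),     # mixes both origins
    ("hdr",   "const",     []),                 # constant: no taint
    ("buf",   "alloc",     ["size"]),
    (None,    "sink:memcpy_len", ["n"]),        # sensitive use of n
    (None,    "sink:log_write",  ["hdr"]),
]

def propagate(trace):
    """Replay the trace, carrying the set of origin labels with each value."""
    taint = {}   # variable -> set of source labels
    sinks = {}   # sink name -> set of source labels that reached it
    for dest, op, operands in trace:
        if op == "source":
            labels = set(operands)
        else:
            # Output taint is the union of the taint of every input operand.
            labels = set().union(*(taint.get(v, set()) for v in operands))
        if op.startswith("sink:"):
            sinks[op[len("sink:"):]] = labels
        elif dest is not None:
            taint[dest] = labels   # reassignment replaces earlier taint
    return taint, sinks

def came_from(trace, var):
    """Where did this value come from? Origins that influenced `var`."""
    return sorted(propagate(trace)[0].get(var, set()))

def goes_to(trace, source):
    """Where does it go? Sinks reached by data from `source`."""
    _, sinks = propagate(trace)
    return sorted(name for name, labels in sinks.items() if source in labels)

if __name__ == "__main__":
    print(came_from(TRACE, "size"))
    print(goes_to(TRACE, "network_recv"))
```
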
Malware clustering allows for the understanding of the lineage and provenance of malware code. Clustering allows the analyst to identify which parts of certain malware samples are similar (pointing to code reuse) or possibly written by the same author. This is particularly helpful in the area of cyber forensics. BAE Systems constructed an integrated analysis tool chain and a set of procedures that support dynamic analysis of malware. The malware was clustered according to dynamic behavioral characteristics. The clusters were then used to classify new, unseen malware. The tool was tested using over 12,000 malware samples, and achieved an accuracy rate of over 90 percent.
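The cluster-then-classify workflow described above can be sketched as follows. This is an added example, not BAE Systems' tool chain: the behavior features, sample names, Jaccard similarity, single-linkage grouping, and the 0.5 threshold are assumptions chosen for illustration, since the page does not say which features or algorithm were used.

```python
# Added illustration: cluster samples by dynamic behavior, then classify a new one.
# Behavior sets below are constructed, standing in for sandbox observations.
from itertools import combinations

SAMPLES = {
    "s1": {"file:enum_docs", "crypto:aes_encrypt", "file:rename_ext", "proc:delete_backups"},
    "s2": {"file:enum_docs", "crypto:aes_encrypt", "file:rename_ext", "net:post_key"},
    "s3": {"reg:run_key", "input:keyboard_hook", "net:post_log"},
    "s4": {"reg:run_key", "input:keyboard_hook", "net:post_log", "proc:inject"},
    "s5": {"net:dns_txt_query", "file:write_tmp"},
}
NEW_SAMPLE = {"file:enum_docs", "crypto:aes_encrypt", "file:rename_ext",
              "net:post_key", "reg:run_key"}

def jaccard(a, b):
    """Overlap of two behavior sets: 1.0 identical, 0.0 disjoint."""
    return len(a & b) / len(a | b) if (a or b) else 1.0

def cluster(samples, threshold=0.5):
    """Single-linkage clustering: link any pair at or above the threshold."""
    parent = {name: name for name in samples}
    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]   # path compression
            x = parent[x]
        return x
    for a, b in combinations(sorted(samples), 2):
        if jaccard(samples[a], samples[b]) >= threshold:
            parent[find(b)] = find(a)
    groups = {}
    for name in sorted(samples):
        groups.setdefault(find(name), []).append(name)
    return sorted(groups.values())

def classify(behaviors, samples, clusters, threshold=0.5):
    """Pick the cluster with the highest mean similarity; None if below threshold."""
    best, best_score = None, 0.0
    for idx, members in enumerate(clusters):
        score = sum(jaccard(behaviors, samples[m]) for m in members) / len(members)
        if score > best_score:
            best, best_score = idx, score
    return (best, best_score) if best_score >= threshold else (None, best_score)

if __name__ == "__main__":
    clusters = cluster(SAMPLES)
    print(clusters)
    print(classify(NEW_SAMPLE, SAMPLES, clusters))
```

A sample that shares most behaviors with one family is assigned to it even when it carries one trait from another, while a sample unlike every cluster is returned as `None` rather than forced into the nearest group.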