Publications
Cross-domain Situational Awareness in Computing Networks
Rapidly gaining an understanding of an executable file is an extremely hard problem, yet one that is critical to realistic network defense. Without a strong understanding of what programs do, defenders cannot determine whether the presence of a given program is appropriate. This research effort focused on developing ways for a human analyst to rapidly build an understanding of the content of executable files.