Two Dakota State faculty members receive NSA funding for malware research

Dec. 1, 2020

This paid piece is sponsored by Dakota State University.

Two Dakota State University faculty members studying malware have received a $150,000 federal grant to help with their work.

Bramwell Brizendine, assistant professor of computer and cybersciences, and Josh Stroschein, assistant professor of cybersecurity/network and security administration, have received the National Security Agency grant for a joint research project.

Brizendine and Stroschein are each developing independent frameworks for the analysis of shellcode and malware.


Shellcode is a small piece of injected code used to exploit a software vulnerability; when used in malware, it can obscure what an attacker is doing. Malware is malicious software, such as viruses, ransomware and spyware, developed by attackers and designed to cause damage to data and systems or to gain unauthorized access to a network.

“Our grant is essentially two projects bundled together, and he and I are both tackling different aspects of it,” Brizendine said. “Our work comes together nicely to form a cohesive whole.”

This research and framework development will benefit not only South Dakota but also anywhere that malware is a threat.

Brizendine is creating a framework called SHAREM that focuses on automated shellcode analysis. Through this, users can learn a wealth of detailed information about what the shellcode from malware is doing in terms of functionality, he explained.


“This can quickly allow someone to understand what is happening without the need to understand shellcode itself, which would require advanced training,” he said.

SHAREM can be used independently, or it can be fed into the MARVELL framework being developed by Stroschein. MARVELL aggregates the top tools and technologies already out there, with Stroschein’s own contributions incorporated as well, to provide detailed intelligence on the malware being examined.

Ultimately, a user could place a sample of malware inside MARVELL to gain a full and detailed understanding of its malicious functionality without the use of highly specialized tools of the industry such as IDA Pro or WinDbg. The MARVELL framework works by placing the malware in a sandbox environment to detonate, or execute, and perform its malicious activities, with other specialized analysis being conducted. An automated, detailed report would be generated from MARVELL.

“Collectively, both SHAREM and MARVELL will provide a wealth of information to a malware analyst, which gives them a solid understanding of what the malware is doing,” Brizendine said.

The utilization of these frameworks will help minimize the amount of time someone would need to spend analyzing the malware. A professional malware analyst could spend up to 40 hours studying malware to develop an in-depth level of understanding, Brizendine explained. Companies and organizations do not have time for that, and they depend upon tools like MARVELL to provide information about the malware and relevant threat intelligence.

Two DSU students, Austin Babcock and Odin Bernstein, are assisting with the research and creation of the two frameworks. Babcock, who is pursuing a master’s degree in computer science, is working with Brizendine on SHAREM. Babcock has completed previous research with Brizendine and is interested in software exploitation, reverse engineering and malware analysis.

Bernstein, a 4+1 cyber operations undergrad working toward a master’s degree in cyber defense, is working with Stroschein on MARVELL. Bernstein has a passion for malware and, in addition to assisting with this project, is involved with DSU’s new Malware Club.

“This grant allows our labs, VERONA and MADRID, to provide funded opportunities for students like Austin and Odin to really shine and excel at what they do best, the hardcore, hands-on cyber work DSU is known for,” Brizendine said.

While DSU receives many grants, most are dedicated to an aspect of service, curriculum development, training or workforce development, like the annual cyber camps the university hosts each summer. This grant is a pure research grant like ones often seen at R1 and R2 institutions, Brizendine explained.

The professors and students are working to develop novel contributions to the discipline of cybersecurity with the goal of publishing their work in journals, presenting it at conferences and benefiting the community at large. Brizendine said he is thankful for the resources DSU helps provide through MadLabs.

“It’s great to have ideas like Josh and I have, but MadLabs is able to back us up with its impressive research infrastructure,” he said.

“It’s all possible thanks to the tireless work of Dr. Josh Pauli and our university president, Dr. José-Marie Griffiths; none of this could have been possible without them.”
