Research: advancing the discipline of cyber security, and solving the industry’s hard problems along the way.

CyberPoint Research & Development is an industrial research and development activity—advancing the discipline of cyber security by attacking and solving the hard problems of the field. We perform cutting-edge research in cyber security, develops new technologies and product prototypes, invents new tools and techniques, and coordinates with academic and open source researchers.

We are excited to share with the open source community libraries and technologies we have developed that we think might be useful for malware analysis, software reverse code engineering, vulnerability discovery, and software security. We are committed to advancing state-of-the-art research in modeling cyber risk, detecting novel and sophisticated threats, and automating network analysis.

We apply techniques from Software Reverse Code Engineering (RCE), Program Analysis, Machine Learning, and Data Science to discover, evaluate, predict, and measure the risks associated to Cyber Security. Technologies developed within CyberPoint have become open-source projects, US patents, commercial products, and spin-off start up companies. Our Security Research Team (SRT) conducts commercial security research.

Open Source Efforts

To date, some of our research efforts have led to open source releases.

NTRU-Haskell: A Haskell implementation of the NTRU cryptographic system, following the IEEE Standard Specification for Public Key Cryptographic Techniques Based on Hard Problems over Lattices (IEEE Std 1363.1-2008).

libem: An Adapted Gaussian Mixture Model library written in C++, with multi-threaded support using OpenMP, distributed computing support using MPI, and co-processor support (experimental) using OpenCL.

libpgm: A Python library for creating and using Probabilistic Graphical Models (PGMs). PGMs are useful for modeling multi-variate probability distributions in a variety of scenario.

libGalatine: An example controller application written in Pyretic for adding Layer 2 security to a Software Defined Networking (SDN) compliant Class C network.

eventBus: A JavaScript library for handling pub/sub AMQP style functionality.

Academic Partners

The University of Maryland (UMD) and CyberPoint International, LLC, (CyberPoint), entered into a partnership to establish collaborative activities in cyber security. The partnership promotes cyber security education and research through the Maryland Cybersecurity Center (MC2).
Learn more.


The research efforts of Research & Development have led to the development of a number of new products, patents, and technologies offered by CyberPoint.

Methods and Systems for Malware Analysis: a patented contribution to a more thorough way to analyze malware. Samples are analyzed by a plurality of analyzers implemented on one or more computing devices, processed, and displayed via a user interface.

Methods and System for Malware Detection: a patented method, system and media for detecting malware via network monitoring. Feature vectors extracted from the network traffic are analyzed by one or more machine learning models to produce a score indicative of the presence of a particular type of malware.

Similarity Search and Malware Prioritization: a patented contribution to a faster and more efficient way of processing files to detect malware. By comparing unknown samples with known malware, our process enables analysts to determine swiftly which pieces of potentially malicious code should be given priority for further analysis and, if necessary, reverse engineering.

DarkPoint: a malicious digital artifact identification and analysis tool. It employs advanced machine learning algorithms and expert systems to simplify and accelerate malicious digital artifact (file, program, document, image, link, script, etc.) detection, analysis, and remediation.

CyVaR: A decision support product that quantifies an organization's financial risk exposure to cyber attacks. CyVaR enables executives to see the financial impact of vulnerabilities and potential security incidents. It also arms them with the information they need to make smarter business decisions and manage risk.

Papers and Talks

Below are published papers and presentations we have released to date.

On Normalized Compression Distance and Large Malware. R. Borbely. Journal of Computer Virology and Hacking Techniques, 2016.

Active Defense with SDN. Z. Miller. 2015 AFCEA Defensive Cyber Operations Symposium, 2015.

CyberV@R: A Cyber Security Model for Value at Risk. J. Ulrich, C. Cabot, R. Faux, S. Finkelstein, M. Raugas, 2013.

CyberV@R: A Model to Compute Dollar Value at Risk of Loss to Cyber Attack. J. Ulrich, FloCon 2013.

An Introduction to Boolean Satisfiability. I. Blumenfeld. University of Maryland Cyber Security Center Symposium, 2013.

Thwarting Themida: Unpacking Malware with SMT. I. Blumenfeld, R. Faux, P. Li. High Confidence Software and Systems 2013.

Unpacking Malware with SMT Solvers. I. Blumenfeld, R. Faux, P. Li, M. Raugas. SMT 2013 Proceedings.

DARPA Programs

CyberPoint is an active performer on two DARPA programs: STAC and VET. Our team of embedded developers, applied mathematicians, and software RCEs are excited to tackle government research problems and challenge the best research solutions academia has to offer. CyberPoint is also proud to provide on-site Engineering Services to the Department of Defense in Maryland, in areas including Embedded Development, Kernel Development, Application Development, Middleware, Data Science, and Hadoop/Accumulo.


CyberPoint is proud to be an Adversary Challenge (AC) performer on DARPA's Space/Time Analysis for Cybersecurity (STAC) program. Read about STAC here.

A good description of the DARPA STAC program from the perspective of a university team can be found on University of Maryland's Professor Mike Hicks' PL-Enthusiast Blog.


CyberPoint is proud to be an Adversary Challenge (AC) performer on DARPA's Vetting Commodity IT Software and Firmware (VET) program. Read about VET here.

As an example of some of our work on VET, see this presentation (PPT, 1.12Mb) on embedded Linux BIOS firmware bootkit development.

Looking for a job?

We are actively seeking new hires with a strong background in Electrical & Computer Engineering, Computer Science, Mathematics, and Statistics. US Citizenship is required. If you aren't quite ready to change careers but are interested in CyberPoint, stay connected with us!

Contact Us

Let us know if you are interested in working with us, for us, or if you just want to learn more about us.