Security News Scientists Are Working On A CPU That Can Detect Malware At Hardware Level


Omnipotent

Thread author
Researchers are working on a new CPU chip design that will extend the fight against malware at the hardware level in an attempt to bolster computers, mobiles, and other devices against the rising wave of security threats.

The work is being carried out by two teams of researchers from Binghamton University and the University of California-Riverside.

The project is named "Practical Hardware-Assisted Always-On Malware Detection" and will be funded through a three-year research grant of $275,000 the teams received from the National Science Foundation.

New chip design to detect process anomalies inside the CPU
The principle at the base of this research is to modify a CPU chip to include extra logic to detect anomalies in running processes. Once something out of order is detected, the CPU will alert local security software that something is wrong. The local security software will have the final decision on what to do with the detected anomaly.

Researchers are sceptical that the modified CPU will pick up all threats, but they view their project as an extra layer of defense they can add to CPUs, and not as a standalone security system.

Scientists say that the CPU will use low-complexity machine learning algorithms to classify malware from normal processes.

"The detector is, essentially, like a canary in a coal mine to warn software programs when there is a problem," said Dmitry Ponomarev, professor of computer science at Binghamton University, State University of New York.

"The hardware detector is fast, but is less flexible and comprehensive. The hardware detector’s role is to find suspicious behavior and better direct the efforts of the software," Prof. Ponomarev also added.

Previous work on this topic
The work of Prof. Ponomarev and his team is not unique. In 2014, a team of three researchers from Columbia University in New York also explored the subject in their paper titled "Unsupervised Anomaly-based Malware Detection using Hardware Features."

In their work, the Columbia team used a similar system to the one proposed by the Binghamton and California-Riverside researchers. The Columbia team used unsupervised machine learning to build profiles of normal program execution based on data from performance counters and used these profiles to detect significant deviations in program behavior that occurred as a result of malware exploitation attempts.

Similar work has been carried out by Intel and researchers from Clarkson University. The work of the Binghamton research team, on which this project is based, is detailed in research papers titled "Hardware-based Malware Detection using Low-level Architectural Features" and "Ensemble Learning for Low-level Hardware-supported Malware Detection."

In recent months, news about CPUs and security involved researchers bypassing ASLR protections on Intel Haswell CPUs or researchers finding hidden code (some would call it a backdoor) inside the architecture of Intel x86 processors. In fact, two of the researchers working on this project were also on the team that discovered the Intel Haswell CPU ASLR bypass technique.
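
An added illustration of the profile-and-deviation idea described in the post above (not code from the post or from any of the cited papers): a per-counter z-score profile stands in for the papers' learning algorithms, and the counter names, sample values, threshold and two-interval rule are constructed assumptions.

```python
import math

# Constructed per-interval performance-counter samples (events per 10k
# instructions). Counter names are illustrative assumptions.
FEATURES = ("branch_mispredicts", "llc_misses", "indirect_calls", "returns")

BASELINE = [  # constructed "normal" runs of one program
    (42, 110, 15, 300), (40, 105, 14, 310), (45, 120, 16, 295),
    (41, 108, 15, 305), (43, 115, 17, 298), (39, 102, 14, 312),
    (44, 118, 16, 301), (42, 111, 15, 299),
]

def build_profile(samples):
    """Per-feature (mean, standard deviation) of normal execution."""
    profile = []
    for column in zip(*samples):
        mean = sum(column) / len(column)
        var = sum((x - mean) ** 2 for x in column) / (len(column) - 1)
        profile.append((mean, max(math.sqrt(var), 1e-9)))
    return profile

def anomaly_score(profile, sample):
    """Largest absolute z-score across counters for one interval."""
    return max(abs(x - mean) / std for x, (mean, std) in zip(sample, profile))

def detect(profile, stream, threshold=4.0, consecutive=2):
    """Return interval indices where an alert is raised.

    An alert needs `consecutive` intervals in a row above `threshold`, which
    suppresses one-off spikes (context switch, cold cache). Each alert is a
    hint for security software to investigate, not a verdict.
    """
    alerts, run = [], 0
    for i, sample in enumerate(stream):
        run = run + 1 if anomaly_score(profile, sample) > threshold else 0
        if run == consecutive:
            alerts.append(i)
    return alerts

PROFILE = build_profile(BASELINE)
# Constructed stream: normal, a single spike, normal, then a sustained shift
# in indirect-call and return rates.
STREAM = [
    (42, 109, 15, 302), (60, 112, 15, 300), (41, 107, 16, 304),
    (43, 114, 40, 180), (44, 116, 42, 175), (42, 110, 41, 178),
]

if __name__ == "__main__":
    print(detect(PROFILE, STREAM))
```
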
 

Ink

Administrator
Verified
Jan 8, 2011
22,490
Questions:

Would this be primarily targeted for Industrial systems or IoT and Consumer systems?

Is this a step further from McAfee DeepSAFE Technology?
McAfee® DeepSAFE™ technology is the McAfee-Intel jointly-developed technology which allows McAfee to develop hardware-assisted security products that take advantage of a “deeper” security footprint. McAfee DeepSAFE technology sits beyond the operating system (and close to the silicon) allowing McAfee products to have an additional vantage point in the computing stack to better protect systems.
McAfee Reshapes Industry with Breakthrough Security Technology | McAfee Press Release
 

Wave

Thread author
Questions:

Would this be primarily targeted for Industrial systems or IoT and Consumer systems?

Is this a step further from McAfee DeepSAFE Technology?
I don't know much about McAfee and this DeepSAFE Technology; however, if it works on a software level then it is not the same. For example, you can utilise the hardware via working with the hypervisor for virtualisation, but it won't be as secure and powerful as what is mentioned in the thread post because the technology mentioned above is actually directly from within the hardware (as far as I can tell - maybe I misread it! :( ) :)
 

jamescv7

Level 85
Verified
Honorary Member
Mar 15, 2011
13,070
Surfright, MBAM and other various organizations should look at this closely, because it will help to improve the protection not only in software but at the hardware level.

Exploits [as a prime example] nowadays have already evolved, and some are taking critical processes to work flawlessly without notifying the security program.
 
