Binghamton University researchers want to use hardware to fight computer viruses
$275,000 grant from National Science Foundation will support computer research
Fighting computer viruses isn’t just for software anymore.
Binghamton University researchers will use a three-year, $275,000 grant from the National Science Foundation, starting in September, to study how hardware can help protect computers too.
“The impact will potentially be felt in all computing domains, from mobile to clouds,” said Professor Dmitry Ponomarev, who is the principal investigator of the project titled “Practical Hardware-Assisted Always-On Malware Detection.” Ponomarev works in the Computer Science Department within the Thomas J. Watson School of Engineering and Applied Science, along with co-principal investigator and Associate Professor Lei Yu.
More than 317 million pieces of new malware - computer viruses, spyware, and other malicious programs - were created in 2014 alone, according to work done by Internet security teams at Symantec and Verizon. Malware is growing in complexity, with crimes such as digital extortion - a hacker steals files or locks a computer and demands a ransom for decryption keys - becoming large avenues of cyber attack.
“This project holds the promise of significantly impacting an area of critical national need to help secure systems against the expanding threats of malware,” Ponomarev said. “[It is] a new approach to improve the effectiveness of malware detection and to allow systems to be protected continuously without requiring the large resource investment needed by software monitors.”
Countering threats has traditionally been left solely to software programs, but Binghamton researchers want to modify a computer’s central processing unit (CPU) chip - essentially, the machine’s brain - by adding logic that checks for anomalies while a program such as Microsoft Word is running. If an anomaly is spotted, the hardware will alert more robust software programs to check out the problem. The hardware won’t be right about suspicious activity 100 percent of the time, but since the hardware is acting as a lookout at a post that has never been monitored before, it will improve the overall effectiveness and efficiency of malware detection.
“The modified microprocessor will have the ability to detect malware as programs execute by analyzing the execution statistics over a window of execution,” Ponomarev said. “Since the hardware detector is not 100 percent accurate, the alarm will trigger the execution of a heavy-weight software detector to carefully inspect suspicious programs. The software detector will make the final decision. The hardware guides the operation of the software; without the hardware the software will be too slow to work on all programs all the time.”
The modified CPU will use low-complexity machine learning - the ability to learn without being explicitly programmed, and Yu’s primary area of expertise - to distinguish malware from normal programs.
“The detector is, essentially, like a canary in a coal mine to warn software programs when there is a problem,” Ponomarev said. “The hardware detector is fast, but is less flexible and comprehensive. The hardware detector’s role is to find suspicious behavior and better direct the efforts of the software.”
Much of the work - including exploration of the trade-offs of design complexity, detection accuracy, performance and power consumption - will be done in collaboration with former Binghamton Professor Nael Abu-Ghazaleh, who moved on to the University of California-Riverside in 2014.
Grant funding will support graduate students who will work on the project both in Binghamton and California, conference travel and the investigation itself.