A team from Binghamton University has received funding from the National Science Foundation to develop hardware capable of protecting computers from viruses, departing from traditional software-based protection methods.
“The impact will potentially be felt in all computing domains, from mobile to clouds,” said Dmitry Ponomarev, professor of computer science at Binghamton University, State University of New York.
The researchers note that, according to Internet security teams at Symantec and Verizon, more than 317 million pieces of new malware (computer viruses, spyware, and other malicious programs) were created in 2014. As malware becomes more complex, with hackers stealing files, locking computers, and demanding ransoms, the group has pledged to move away from the traditional software programs that fight these cyberattacks.
“This project holds the promise of significantly impacting an area of critical national need to help secure systems against the expanding threats of malware,” said Ponomarev. “[It is] a new approach to improve the effectiveness of malware detection and to allow systems to be protected continuously without requiring the large resource investment needed by software monitors.”
Instead of relying on software, the Binghamton team wants to modify a computer’s central processing unit (CPU) chip by adding logic that checks for anomalies while a program such as Microsoft Word is running. If an anomaly is revealed, the hardware will alert stronger software programs to investigate the problem.
While the hardware won’t be accurate about suspicious activity 100% of the time, it will improve the overall effectiveness and efficiency of malware detection.
“The modified microprocessor will have the ability to detect malware as programs execute by analyzing the execution statistics over a window of execution,” said Ponomarev. “Since the hardware detector is not 100-percent accurate, the alarm will trigger the execution of a heavy-weight software detector to carefully inspect suspicious programs. The software detector will make the final decision. The hardware guides the operation of the software; without the hardware the software will be too slow to work on all programs all the time.”
The modified CPU will use low-complexity machine learning, meaning it can learn without being explicitly programmed, to distinguish malware from normal programs.
“The detector is, essentially, like a canary in a coal mine to warn software programs when there is a problem,” said Ponomarev. “The hardware detector is fast, but is less flexible and comprehensive. The hardware detector’s role is to find suspicious behavior and better direct the efforts of the software.”
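The two-stage design described above, sketched as an added example that is not the researchers' code: a cheap linear classifier scores execution statistics averaged over a sliding window, and only programs that raise an alarm are passed to the heavyweight detector, which makes the final decision. The counter names, weights, window size and traces are all assumptions constructed for illustration.

```python
from collections import deque

# All names, weights, thresholds and traces below are assumptions for illustration.
# Per-interval counters: (branch-mispredict rate, store fraction, syscall rate).
WEIGHTS, BIAS, WINDOW = (4.0, 2.0, 10.0), -2.0, 4

def hw_alarm(window):
    """Cheap first stage: linear score over the mean of the windowed counters."""
    means = [sum(s[i] for s in window) / len(window) for i in range(3)]
    return sum(w * m for w, m in zip(WEIGHTS, means)) + BIAS > 0

def sw_detector(program):
    """Stand-in for the heavyweight software detector, which has the final say.
    It simply reads the label of the constructed sample."""
    return program["malicious"]

def monitor(programs):
    """Screen every program in 'hardware'; escalate to software only on alarm."""
    verdicts, heavy_runs = {}, 0
    for p in programs:
        window, alarmed = deque(maxlen=WINDOW), False
        for sample in p["trace"]:
            window.append(sample)
            if len(window) == WINDOW and hw_alarm(window):
                alarmed = True
                break
        if alarmed:
            heavy_runs += 1
        verdicts[p["name"]] = alarmed and sw_detector(p)
    return verdicts, heavy_runs

QUIET = (0.05, 0.20, 0.01)
SAMPLE = [  # constructed traces, not measurements
    {"name": "editor", "malicious": False, "trace": [QUIET] * 6},
    {"name": "browser", "malicious": False, "trace": [(0.08, 0.25, 0.03)] * 6},
    # Benign but store-heavy: trips the hardware, cleared by software.
    {"name": "compressor", "malicious": False, "trace": [(0.20, 0.60, 0.02)] * 6},
    # Starts quiet, then turns syscall-heavy: alarm once the window fills with it.
    {"name": "dropper", "malicious": True,
     "trace": [QUIET] * 3 + [(0.10, 0.40, 0.30)] * 5},
]

if __name__ == "__main__":
    verdicts, heavy_runs = monitor(SAMPLE)
    print(verdicts, f"heavy detector ran on {heavy_runs} of {len(SAMPLE)} programs")
```

In this constructed run the first stage raises one false alarm that the second stage clears, and the expensive check runs on two of the four programs rather than all of them.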