Windows 10: Scientists Working On CPU That Can Detect Malware At Hardware Level

Discussion in 'AntiVirus, Firewalls and System Security' started by RubberDucky, Nov 10, 2016.

  1. Scientists Working On CPU That Can Detect Malware At Hardware Level


    Source: Scientists Working on a CPU That Can Detect Malware at the Hardware Level

    Researchers are working on a new CPU chip design that will extend the fight against malware at the hardware level in an attempt to bolster computers, mobiles, and other devices against the rising wave of security threats.

    The work is being carried out by two teams of researchers from Binghamton University and the University of California-Riverside.

    The project is named "Practical Hardware-Assisted Always-On Malware Detection" and will be funded through a three-year research grant of $275,000 the teams received from the National Science Foundation.

    New chip design to detect process anomalies inside the CPU
    The principle at the base of this research is to modify a CPU chip to include extra logic to detect anomalies in running processes. Once something out of order is detected, the CPU will alert local security software that something is wrong. The local security software will have the final decision on what to do with the detected anomaly.

    Researchers are sceptical that the modified CPU will pick up all threats, but they view their project as an extra layer of defense they can add to CPUs, and not as a standalone security system.

    Scientists say that the CPU will use low complexity machine learning algorithms to classify malware from normal processes.

    "The detector is, essentially, like a canary in a coal mine to warn software programs when there is a problem," said Dmitry Ponomarev, professor of computer science at Binghamton University, State University of New York.

    "The hardware detector is fast, but is less flexible and comprehensive. The hardware detector’s role is to find suspicious behavior and better direct the efforts of the software," Prof. Ponomarev also added.

    Previous work on this topic
    The work of Prof. Ponomarev and his team is not unique. In 2014, a team of three researchers from Columbia University in New York also explored the subject in their paper titled "Unsupervised Anomaly-based Malware Detection using Hardware Features."

    In their work, the Columbia team used a similar system to the one proposed by the Binghamton and California-Riverside researchers. The Columbia team used unsupervised machine learning to build profiles of normal program execution based on data from performance counters and used these profiles to detect significant deviations in program behavior that occurred as a result of malware exploitation attempts.

    Similar work has been carried out by Intel and researchers from Clarkson University. The work of the Binghamton researcher team, on which this project is based, is detailed in research papers titled "Hardware-based Malware Detection using Low-level Architectural Features" and "Ensemble Learning for Low-level Hardware-supported Malware Detection."

    In recent months, news about CPUs and security involved researchers bypassing ASLR protections on Intel Haswell CPUs or researchers finding hidden code (some would call it a backdoor) inside the architecture of Intel x86 processors. In fact, two of the researchers working on this project were also on the team that discovered the Intel Haswell CPU ASLR bypass technique.

    :)
     
    RubberDucky, Nov 10, 2016
    #1
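
The profile-and-deviation idea described in the quoted article (learn what normal execution looks like from performance-counter data, then flag windows that deviate and leave the verdict to security software), as an added example that is not code from the article or from any of the research papers it names. The counter names, the sample readings, the root-mean-square z-score and the 1.5 margin are all assumptions made for illustration.

```python
import math
import statistics

# Constructed per-window counter readings (events per 10k instructions).
# The three counters are assumed for illustration, not taken from the papers.
FEATURES = ("branch_mispredicts", "cache_misses", "returns")
NORMAL_WINDOWS = [
    (120, 300, 50), (130, 310, 52), (125, 290, 49),
    (118, 305, 51), (127, 295, 48), (130, 300, 50),
]
LIVE_WINDOWS = [
    (124, 302, 51), (129, 293, 49),
    (190, 420, 95),  # constructed outlier: every counter far from the profile
    (126, 299, 50),
]

def build_profile(windows):
    """Unsupervised profile: per-counter mean and standard deviation."""
    columns = zip(*windows)
    # Floor the deviation so a constant counter cannot cause division by zero.
    return [(statistics.mean(c), max(statistics.pstdev(c), 1e-9)) for c in columns]

def anomaly_score(profile, window):
    """Root-mean-square z-score of one window against the profile."""
    squared = [((x - mu) / sd) ** 2 for x, (mu, sd) in zip(window, profile)]
    return math.sqrt(sum(squared) / len(squared))

def calibrate_threshold(profile, windows, margin=1.5):
    """Worst score seen on known-good windows, times a safety margin."""
    return margin * max(anomaly_score(profile, w) for w in windows)

def flag_windows(profile, threshold, windows):
    """Detector stage: indices of windows to hand to security software."""
    return [i for i, w in enumerate(windows)
            if anomaly_score(profile, w) > threshold]

PROFILE = build_profile(NORMAL_WINDOWS)
THRESHOLD = calibrate_threshold(PROFILE, NORMAL_WINDOWS)

if __name__ == "__main__":
    for i in flag_windows(PROFILE, THRESHOLD, LIVE_WINDOWS):
        score = anomaly_score(PROFILE, LIVE_WINDOWS[i])
        # The detector only raises the alert; the software layer decides.
        print(f"window {i}: score {score:.2f} > {THRESHOLD:.2f}, escalate")
```

The margin is the knob behind the false-positive concern raised later in the thread: a lower margin flags more benign windows, a higher one misses smaller deviations.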

  2. Will Windows 10 NEW Version (April, 2017) have an improved version of Windows defender?

    It is not about the creator update or a future release, but the Microsoft Anti-Malware team keeps working to improve the Anti-Malware engine regularly. From personal experience and observing real scenarios of using Anti-Malware products including Windows Defender, it is doing a great job and it has a high level of satisfaction. Remember, there is no Anti-Virus program capable of detecting and removing all malware, but you need to set the right policy and report files which might not be detected by Windows Defender.
     
    Cyber_Defend_Team, Nov 10, 2016
    #2
  3. Abram730 Win User
    Windows 10 compatibility checker CPU not supported??

    Windows 8 and Windows 8.1 also can't detect the frequencies of Memory or CPU's. It's not just the app.

    Windows thinks my CPU's max frequency is 0.80 GHz if I change the boost clock multiplier from 39 to 42. Any Intel CPU with a "K" at the end has an unlocked multiplier. That is, it can be overclocked.

    This is something Microsoft needs to fix. Overclocking is a thing and Windows should be able to detect clock frequencies. Every other piece of software for detecting hardware seems to work just fine. Why is Microsoft the only one that can't handle it?
    It's an OS's job to handle hardware, and Microsoft not being able to handle simple tasks like detecting clock frequencies or being able to tell the difference between the words minimum and maximum doesn't instill confidence in their ability to make a functional OS.
     
    Abram730, Nov 10, 2016
    #3
  4. Scientists Working On CPU That Can Detect Malware At Hardware Level

    Thanks, RubberDucky!

    Good news!!

    Hope they can pull it off.
     
    cottonball, Nov 11, 2016
    #4
  5. eLPuSHeR Win User
    It sounds very difficult to achieve but I hope they succeed.
     
    eLPuSHeR, Nov 11, 2016
    #5
  6. jimbo45 Win User
    Hi there

    Possibly a bit of a waste of money IMO -- what is actually "A threat" -- what happens if the hardware thinks something is bad but it's actually OK (there's enough trouble with current AV software with False positive warnings).

    Getting a grant for this type of stuff is like getting a grant of 100,000's of dollars to verify that people getting drunk at weekends in city centres are more likely to cause trouble than people staying at home !!!.

    Money IMO would be better spent on training USERS to use computers more sensibly and avoid obvious risks like opening email links from unknown senders, giving out too much data on social media or opening fake web sites purporting to be from Banks / Police / Tax authorities etc.

    I'm all for progress but this IMO is a 100% waste of money. Sounds like a typical Govt or public sector idea.

    Has reminders about US Federal Govt paying well over the odds for Toilet seats for the military and zillions of other similar projects. - Not only US federal Govt but almost any public sector contract worldwide !!!!.

    Cheers
    jimbo
     
    jimbo45, Nov 12, 2016
    #6
  7. eLPuSHeR Win User
    I think Jimbo is utterly right in this regard.
     
    eLPuSHeR, Apr 5, 2018
    #7