A new milestone is in development: a CPU chip is being designed that will extend the fight against malware. The CPU is intended to protect computers, mobile devices and other devices against malware threats at the hardware level.
The work is being carried out by two teams of researchers from Binghamton University and the University of California-Riverside.
The project is named “Practical Hardware-Assisted Always-On Malware Detection” and will be funded through a three-year research grant of $275,000 the teams received from the National Science Foundation.
The basic premise of the project is to create or modify a CPU chip to include extra logic and algorithms that detect anomalies in running processes. Once an anomaly is found, the CPU alerts security software that something is going on and lets that software deal with the detected anomaly.
Many researchers are skeptical that the resulting CPU will pick up all threats, but they are a little optimistic about it as an additional layer of defense rather than a stand-alone solution.
Researchers expect that the CPU will use a low-complexity learning algorithm to distinguish malware from normal processes.
The detection method would basically be a canary in a coal mine that would be able to warn when there is a problem.
Hardware detection would definitely be fast, but it would be less flexible and less comprehensive. Its major role is to find suspicious behavior so that the detection software can be pointed in the right direction.
The work of Prof. Ponomarev and his team is not unique. In 2014, a team of three researchers from Columbia University in New York also explored the subject in their paper titled “Unsupervised Anomaly-based Malware Detection using Hardware Features.”
In their work, the Columbia team used a similar system to the one proposed by the Binghamton and California-Riverside researchers. The Columbia team used unsupervised machine learning to build profiles of normal program execution based on data from performance counters and used these profiles to detect significant deviations in program behavior that occurred as a result of malware exploitation attempts.
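The profile-then-flag-deviations approach described above, shown as an added example that is not code from the Columbia paper or from any of the projects mentioned. It substitutes a simple per-counter mean and standard-deviation profile for the paper's machine-learning model, and the counter names, sample values, `threshold` and `min_run` are all constructed assumptions.

```python
import math

# Counter names are illustrative assumptions, not the event set used in any paper.
COUNTERS = ("branch_mispredicts", "llc_misses", "indirect_calls", "returns")

def rows(*tuples):
    """Turn tuples of per-interval counter readings into dicts keyed by counter."""
    return [dict(zip(COUNTERS, t)) for t in tuples]

# Constructed readings from known-clean runs of one program (one row per interval).
BASELINE = rows((120, 300, 40, 900), (130, 310, 42, 880), (115, 290, 38, 910),
                (125, 305, 41, 895), (118, 298, 39, 905), (128, 312, 43, 890))

# Constructed trace to monitor: interval 1 is a one-off spike, 3-5 deviate together.
TRACE = rows((122, 301, 40, 898), (160, 305, 41, 900), (124, 299, 40, 893),
             (150, 340, 70, 700), (155, 350, 75, 690), (152, 345, 72, 705),
             (121, 300, 40, 897))

def build_profile(samples):
    """Learn the 'normal' profile: per-counter mean and standard deviation."""
    profile = {}
    for name in COUNTERS:
        values = [s[name] for s in samples]
        mean = sum(values) / len(values)
        var = sum((v - mean) ** 2 for v in values) / len(values)
        profile[name] = (mean, max(math.sqrt(var), 1e-9))  # guard zero variance
    return profile

def deviation(profile, sample):
    """Root-mean-square z-score of one interval against the profile."""
    z2 = [((sample[name] - mean) / sd) ** 2 for name, (mean, sd) in profile.items()]
    return math.sqrt(sum(z2) / len(z2))

def detect(profile, trace, threshold=3.0, min_run=2):
    """Indices of intervals that complete a run of at least min_run consecutive
    above-threshold intervals; isolated spikes are ignored to limit false alerts."""
    alerts, run = [], 0
    for i, sample in enumerate(trace):
        run = run + 1 if deviation(profile, sample) > threshold else 0
        if run >= min_run:
            alerts.append(i)
    return alerts

if __name__ == "__main__":
    print("alerting intervals:", detect(build_profile(BASELINE), TRACE))
```

In the article's terms, the returned indices are the points at which the hardware would raise its alert and hand the process over to security software for closer inspection.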
Similar work has been carried out by Intel and researchers from Clarkson University. The work of the Binghamton research team, on which this project is based, is detailed in research papers titled “Hardware-based Malware Detection using Low-level Architectural Features” and “Ensemble Learning for Low-level Hardware-supported Malware Detection.”
In recent months, CPUs and security have been in the news, with researchers finding a way to bypass ASLR protection on Intel Haswell processors and finding hidden code or a possible backdoor in the Intel x86 processor architecture.
In fact, two of the researchers working on this project were also on the team that discovered the Intel Haswell CPU ASLR bypass technique.