Hardware-integrated malware insights
- Dr. Marcus Botacin, of Texas A&M University, recently received a grant to move malware detection from software to hardware, expanding on existing technology.
- This project will include establishing a framework for extending on top of existing central processing unit (CPU) hardware to integrate malware detection and creating all metrics and formal materials needed for methodological evaluation.
- The new hardware would work by making a profile of the computer and its systems under normal usage conditions. At about one profile per second, this would create an evolving baseline that the security hardware could then compare to incoming potential threats.
Imagine a computer that is not slowed down by antivirus software. A computer that does not require constant updates that usually include a subscription cost. What if malicious software and viruses – or malware – detection could simply be built into the hardware of future computers?
Dr. Marcus Botacin, a visiting assistant professor in the computer science and engineering department at Texas A&M University, recently received a grant from the National Science Foundation (NSF) to develop such a concept.
“This is my first grant application ever,” Botacin said. “This grant includes funding for two Ph.D. students that will be my first graduate students, and it is the basis for everything that we will be building here.”
The more than $500,000 grant will help fund Botacin’s laboratory for three years. During that time, he will work to move malware detection from software to hardware, expanding on existing technology. The idea of using hardware to detect malware quicker has been around for about 10 years, according to Botacin. However, his proposal would be the “first formal scientific treatment of the problem.”
Proof of concept for Next Generation Antivirus
The project, Next Generation Antivirus, will include establishing a framework for extending on top of existing central processing unit (CPU) hardware to integrate malware detection and creating all metrics and formal materials needed for methodological evaluation. A new technology for faster, more efficient detection would require evaluations to determine if the method is practical enough without sacrificing other important operations.
Botacin plans to use a hardware emulator, which simulates hardware operations in a software application, to build the framework and find new ways that CPUs can be created and organized to include malware detection.
The storage units of a CPU, called registers, are the fastest memory in a computer. Each CPU has multiple registers, each dedicated to different operations. One of Botacin’s tasks will be determining how many registers will be needed for dedicated security.
Botacin hopes to achieve fast, robust and reliable malware detection without sacrificing speed or performance in other computer processes.
“An important aspect of my research is that I try to make stuff practical — innovative, but practical,” Botacin said. “I try to build on what’s already existing, but can be adapted and enhanced for other purposes, like security.”
The arms race between malware and security
The numerous types of malware like viruses, worms, adware and ransomware continue to evolve into more sophisticated ways of attacking computers and networks. The cybersecurity industry, which includes many large antivirus software companies, is constantly developing answers to these attacks. This ongoing arms race requires even the most robust antivirus software to be updated almost daily. Like any war, there are preemptive and reactive strikes from both sides.
If Botacin’s research comes to fruition in future computers, it could be a significant step toward bolstering the security side and saving time and resources. The new hardware would work by making a profile of the computer and its systems under normal usage conditions. At about one profile per second, this would create an evolving baseline that the security hardware could then compare to incoming potential threats.
“I’m doing something called a time series,” Botacin said. “That’s why I need hardware because it needs to do this profile very fast.”
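The per-second profiling loop described above (build a baseline of normal usage, then score each new profile against it as a time series) can be sketched in software. The following is an added illustration, not code from Botacin's project: the counter names, the window and threshold values, the warm-up rule and every sample number are constructed assumptions, standing in for whatever readings a CPU-resident monitor would actually expose.

```python
"""Toy per-second profiling detector: a rolling baseline of hardware-counter
style readings, with each new profile scored as a deviation from that baseline.
Added illustration in software, not the project's code; counter names,
window/threshold values and sample numbers are all constructed."""
from collections import deque
from math import sqrt

# Assumed counters a CPU-side monitor could expose once per second (constructed).
COUNTERS = ("instructions", "branch_misses", "cache_misses", "mem_writes")


class BaselineDetector:
    """Keeps the last `window` profiles judged benign and flags a new profile
    when any counter sits more than `threshold` standard deviations from the
    rolling mean. The first `warmup` profiles are trusted to seed the baseline."""

    def __init__(self, window=30, threshold=4.0, warmup=10):
        self.threshold = threshold
        self.warmup = warmup
        self.history = deque(maxlen=window)

    def _baseline(self):
        n = len(self.history)
        stats = {}
        for c in COUNTERS:
            vals = [p[c] for p in self.history]
            mean = sum(vals) / n
            std = sqrt(sum((v - mean) ** 2 for v in vals) / n)
            # Floor the spread so a perfectly flat history does not turn every
            # tiny change into a huge deviation (assumed floor: 1% of the mean).
            stats[c] = (mean, max(std, 0.01 * abs(mean), 1e-9))
        return stats

    def observe(self, profile):
        """Score one profile, then fold it into the baseline only if benign, so
        a slowly escalating process cannot drag the baseline toward itself.
        Returns (anomalous, worst_counter, z_score)."""
        if len(self.history) < self.warmup:
            self.history.append(profile)
            return False, None, 0.0
        worst, max_z = None, 0.0
        for c, (mean, std) in self._baseline().items():
            z = abs(profile[c] - mean) / std
            if z > max_z:
                worst, max_z = c, z
        anomalous = max_z > self.threshold
        if not anomalous:
            self.history.append(profile)
        return anomalous, worst, max_z


def normal_profile(t):
    """Constructed 'normal usage' sample for second t: every counter wobbles a
    few percent around a fixed level."""
    wobble = 1 + 0.02 * ((t * 7) % 5 - 2)  # deterministic +/-4 % variation
    return {"instructions": 1_000_000 * wobble, "branch_misses": 5_000 * wobble,
            "cache_misses": 20_000 * wobble, "mem_writes": 50_000 * wobble}


def burst_profile(t):
    """Constructed sample of a process rewriting many files: memory writes and
    cache misses jump while the instruction count barely moves."""
    p = normal_profile(t)
    p["mem_writes"] *= 6
    p["cache_misses"] *= 4
    return p


def run_stream(seconds_normal=40, seconds_burst=3):
    """Feed a constructed stream (normal usage, then a burst) through the
    detector and return the list of (second, counter, z) alerts raised."""
    det = BaselineDetector()
    alerts = []
    for t in range(seconds_normal + seconds_burst):
        profile = normal_profile(t) if t < seconds_normal else burst_profile(t)
        anomalous, counter, z = det.observe(profile)
        if anomalous:
            alerts.append((t, counter, round(z, 1)))
    return alerts


if __name__ == "__main__":
    for second, counter, z in run_stream():
        print(f"t={second}s deviation on {counter}: z={z}")
```

Two design points carry over to any real implementation of the idea: the baseline only absorbs profiles it has already judged benign, otherwise a process that ramps up gradually would teach the detector that its own behaviour is normal; and the spread is floored so that a quiet machine does not produce alerts on every minor fluctuation. Running the script prints one alert per burst second, all attributed to the `mem_writes` counter.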
“This three-year period, I will be doing multiple approaches to the problem that includes building the defensive mechanisms and evaluating them,” Botacin added. To evaluate the mechanisms, he “will develop attacks to the prototypes and develop robustness testing.”
The potential final product of this work would be the hardware simulation code and evaluation metrics. Release of the code will allow anyone to download and replicate the experiment, and hardware fabrication could soon follow.
Original content can be found at Texas A&M Engineering.