Office of Research, UC Riverside
Nael Abu-Ghazaleh
Professor
Computer Science & Engineering
naelag@ucr.edu
(951) 827-5639


TWC:Small:Collaborative: Practical Hardware-Assisted Always-On Malware Detection

AWARD NUMBER
008424-002
FUND NUMBER
33279
STATUS
Closed
AWARD TYPE
3-Grant
AWARD EXECUTION DATE
7/25/2016
BEGIN DATE
9/1/2016
END DATE
8/31/2019
AWARD AMOUNT
$225,000

Sponsor Information

SPONSOR AWARD NUMBER
1619322
SPONSOR
NATIONAL SCIENCE FOUNDATION
SPONSOR TYPE
Federal
FUNCTION
Organized Research
PROGRAM NAME

Proposal Information

PROPOSAL NUMBER
16050533
PROPOSAL TYPE
New
ACTIVITY TYPE
Basic Research

PI Information

PI
Abu-Ghazaleh, Nael
PI TITLE
Other
PI DEPARTMENT
Computer Science & Engineering
PI COLLEGE/SCHOOL
Bourns College of Engineering
CO PIs

Project Information

ABSTRACT

The project explores building support for malware detection in hardware. Malware detection is challenging and resource-intensive, and becomes more so as the number and sophistication of malware samples increase. The resource requirements of malware detection limit its use in practice, leaving malware unchecked on many systems. We use a low-level hardware detector to identify malware as a computational anomaly using low-level features such as hardware events, instruction mixes and memory address patterns. Once malware is suspected, we inform a higher-level software detection or protection mechanism that can focus its resources only on the suspected malware. The detector uses low-complexity machine learning approaches to distinguish malware from normal programs, using implementations that are feasible in hardware.

The project explores countermeasures based on adversarial machine learning to limit attackers trying to evade detection, develops secure integration between the hardware and software detectors, and evaluates implementation tradeoffs. The project contributes a new approach to improve the effectiveness of malware detection and to allow systems to be protected continuously without requiring the large resource investment needed by software monitors. The project holds the promise of significantly impacting an area of critical national need, helping to secure systems against the expanding threat of malware. The principles pursued in the proposal can generalize to different computational environments, including mobile phones, clouds, and cyber-physical systems.
(Abstract from NSF)