
Using neural nets to snag malware before it strikes

The problem with most antivirus and antimalware software is that it often can’t detect malicious behavior until damage has already been done. 

Abdullah Muzahid, an assistant professor of computer science at the University of Texas at San Antonio, has received a $450,000 National Science Foundation grant to support his work developing a way around that limitation.  Specifically, Muzahid is working to develop an artificial intelligence system that can detect software bugs and security attacks in computer systems, often before they deploy.

According to Muzahid, the goal of his project is to create "a self-policing computer system that is accurate, adaptive and fast." The project -- called NFrame -- is the first application of neural nets to such a purpose, he said.

The NFrame hardware-based artificial neural network monitors the details of program activity. Modeled after brain activity, the network is designed to recognize system behaviors and make decisions based on those recognitions. "It can capture information about program execution, for example, which instructions are getting executed, what memory locations are accessed, and which functions are called," Muzahid said.

When a program runs for the first time, NFrame learns just how it operates at the machine level.  "After that," he said, "NFrame will monitor activity for signs of suspicious behavior." Since NFrame is a tool that learns, Muzahid said a critical part of the research will be training the neural net to recognize and short-circuit false positives.

"In our preliminary work, we focused on a specific type of bug that caused a memory rewrite issue," Muzahid explained.  "If you look at a program that is working correctly there is a certain order in which memory operations are executed." The neural network hardware learns and remembers the order and location of those executions and then monitors for variances.   

Thanks to the depth of activity being monitored and recorded at the machine level, Muzahid said that NFrame will be able to trace glitches to pinpoint security flaws or the source of a program bug.  It can also, he said, prevent a program from sending data to an unauthorized third party.

"NFrame can not only tell you why something has gone wrong, but because of how it learns, it can also predict when something is about to go wrong in its system," he said. 

Because NFrame is being designed into hardware rather than into software, Muzahid said it can run at much faster speeds. While he expects NFrame to eventually be deployed on all computers, Muzahid said the five-year project is developing a system for deployment on mission-critical servers.

Posted by Patrick Marshall on Jun 26, 2017 at 1:36 PM

