Using neural nets to snag malware before it strikes
The problem with most antivirus and antimalware software is that it often can’t detect malicious behavior until damage has already been done.
Abdullah Muzahid, an assistant professor of computer science at the University of Texas at San Antonio, has received a $450,000 National Science Foundation grant to support his work developing a way around that limitation. Specifically, Muzahid is working to develop an artificial intelligence system that can detect software bugs and security attacks in computer systems, often before they deploy.
According to Muzahid, the goal of his project is to create "a self-policing computer system that is accurate, adaptive and fast." The project -- called NFrame -- is the first application of neural nets to such a purpose, he said.
The NFrame hardware-based artificial neural network monitors the details of program activity. Modeled after brain activity, the network is designed to recognize system behaviors and make decisions based on those recognitions."“It can capture information about program execution, for example, which instructions getting executed, what memory locations are accessed, and which functions are called," Muzahid said.
When a program runs for the first time, NFrame learns just how it operates at the machine level. "After that," he said, "NFrame will monitor activity for signs of suspicious behavior." Since NFrame is a tool that learns, Muzahid said a critical part of the research will be training the neural net to recognize and short-circuit false positives.
"In our preliminary work, we focused on a specific type of bug that caused a memory rewrite issue," Muzahid explained. "If you look at a program that is working correctly there is a certain order in which memory operations are executed." The neural network hardware learns and remembers the order and location of those executions and then monitors for variances.
Thanks to the depth of activity being monitored and recorded at the machine level, Muzahid said that NFrame will be able to trace glitches to pinpoint security flaws or the source of a program bug. It can also, he said, prevent a program from sending data to an unauthorized third party.
"NFrame can not only tell you why something has gone wrong, but because of how it learns, it can also predict when something is about to go wrong in its system," he said.
Because NFrame is being designed into hardware rather than into software, Muzahid said it can run at much faster speeds. While he expects NFrame being eventually deployed on all computers, Muzahid said the five-year project is developing a system for deployment on mission-critical servers.
Posted by Patrick Marshall on Jun 26, 2017 at 1:36 PM