Emerging Tech


Using neural nets to snag malware before it strikes

The problem with most antivirus and antimalware software is that it often can’t detect malicious behavior until damage has already been done. 

Abdullah Muzahid, an assistant professor of computer science at the University of Texas at San Antonio, has received a $450,000 National Science Foundation grant to support his work developing a way around that limitation.  Specifically, Muzahid is working to develop an artificial intelligence system that can detect software bugs and security attacks in computer systems, often before they deploy.

According to Muzahid, the goal of his project is to create "a self-policing computer system that is accurate, adaptive and fast." The project -- called NFrame -- is the first application of neural nets to such a purpose, he said.

The NFrame hardware-based artificial neural network monitors the details of program activity. Modeled after brain activity, the network is designed to recognize system behaviors and make decisions based on those recognitions. "It can capture information about program execution, for example, which instructions are getting executed, what memory locations are accessed, and which functions are called," Muzahid said.

When a program runs for the first time, NFrame learns just how it operates at the machine level.  "After that," he said, "NFrame will monitor activity for signs of suspicious behavior." Since NFrame is a tool that learns, Muzahid said a critical part of the research will be training the neural net to recognize and short-circuit false positives.

"In our preliminary work, we focused on a specific type of bug that caused a memory rewrite issue," Muzahid explained.  "If you look at a program that is working correctly there is a certain order in which memory operations are executed." The neural network hardware learns and remembers the order and location of those executions and then monitors for variances.   
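The learn-then-monitor idea in the paragraph above, as an added example that is not NFrame's or the researchers' code: a software sliding-window model stands in for the neural network hardware. The traces, location names, window length and tolerance are constructed assumptions.

```python
WINDOW = 3  # assumed window length; not a value from the article

def windows(trace, k=WINDOW):
    """Every run of k consecutive memory operations in a trace."""
    return [tuple(trace[i:i + k]) for i in range(len(trace) - k + 1)]

def learn(correct_runs, k=WINDOW):
    """Remember each ordering of k operations seen in known-good runs."""
    model = set()
    for trace in correct_runs:
        model.update(windows(trace, k))
    return model

def variances(model, trace, k=WINDOW):
    """(position, window) for each ordering never seen during learning."""
    return [(i, w) for i, w in enumerate(windows(trace, k)) if w not in model]

def is_suspicious(model, trace, k=WINDOW, tolerance=0):
    """Flag a run whose unseen orderings exceed the tolerance.
    Raising the tolerance trades detection for fewer false positives."""
    return len(variances(model, trace, k)) > tolerance

# Constructed events: (operation, symbolic memory location).
WL, WD = ("W", "buf.len"), ("W", "buf.data")
RL, RD = ("R", "buf.len"), ("R", "buf.data")
WO = ("W", "out")

# Known-good runs: the buffer is written once, then read one or two times.
GOOD_RUNS = [
    [WL, WD, RL, RD, WO],
    [WL, WD, RL, RD, RL, RD, WO],
]

# Constructed faulty run: buf.data is rewritten between the length read
# and the data read, an ordering no correct run ever produced.
OVERWRITE_RUN = [WL, WD, RL, WD, RD, WO]

# Constructed benign run with three read iterations. It was never seen
# whole, but every local ordering in it was, so it is not flagged.
LONGER_LOOP_RUN = [WL, WD, RL, RD, RL, RD, RL, RD, WO]

if __name__ == "__main__":
    model = learn(GOOD_RUNS)
    for name, run in [("overwrite", OVERWRITE_RUN), ("longer loop", LONGER_LOOP_RUN)]:
        print(name, "suspicious:", is_suspicious(model, run))
        for pos, win in variances(model, run):
            print("  unseen ordering at", pos, win)
```

The positions returned by `variances` point at where the run first departed from learned behavior, which is the kind of trace-back the article attributes to monitoring at the machine level.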

Thanks to the depth of activity being monitored and recorded at the machine level, Muzahid said that NFrame will be able to trace glitches to pinpoint security flaws or the source of a program bug.  It can also, he said, prevent a program from sending data to an unauthorized third party.

"NFrame can not only tell you why something has gone wrong, but because of how it learns, it can also predict when something is about to go wrong in its system," he said. 

Because NFrame is being designed into hardware rather than into software, Muzahid said it can run at much faster speeds. While he expects NFrame to eventually be deployed on all computers, Muzahid said the five-year project is developing a system for deployment on mission-critical servers.

Posted by Patrick Marshall on Jun 26, 2017 at 1:36 PM

