The rapid growth of the mobile computer and smartphone market has spurred an increasing need for effective means of protecting users from malware. Existing antivirus (AV) software is only partially effective at combating malware because its heavy reliance on static analysis necessarily lags behind the rate at which new threats are developed or generated. The technology is a hardware-based method for detecting malware and side-channel attacks on computers and smartphones using software runtime data gathered from the time-varying performance counters found in most computing hardware. This method uses non-linear machine learning to classify whether the runtime behavior of executing software is abnormal, and thus indicative of malware. This approach obviates the need to perform exhaustive searches for static malware signatures and enables detection of malware variants that would not be detected by traditional AV software.
Scanning for the static signatures of the vast array of identified malware consumes valuable computing resources and can adversely impact performance on mobile devices. By using performance measurements obtained from hardware counters already built into computing devices, the technology eliminates the high overhead associated with such signature scanning. Because detection classifies runtime behavior that is not appreciably altered by variations in the malware, the approach is also more robust against versions of malware not yet known to traditional AV software.
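The following Python sketch is an added illustration of the detection idea described above; it is not code from the technology or its developers. Raw counter totals from each sampling window are converted into rate features, a non-linear k-nearest-neighbour model (my choice of learner; the page names no specific algorithm) is fitted on windows of benign behavior, and new windows are flagged when their distance from known-benign behavior exceeds a threshold derived from the training data. All counter values, window sizes and the two suspect profiles are constructed for the example.

```python
"""Anomaly detection over hardware performance counter samples (added example)."""
import math
from statistics import mean, pstdev

# Constructed sampling windows: raw counter totals for one process over one
# interval (cycles, retired instructions, branch misses, last-level cache misses).
# The values are illustrative and were not measured on any real system.
BENIGN_WINDOWS = [
    {"cycles": 200_000_000, "instructions": 340_000_000, "branch_misses": 1_360_000, "cache_misses": 510_000},
    {"cycles": 200_000_000, "instructions": 320_000_000, "branch_misses": 1_120_000, "cache_misses": 384_000},
    {"cycles": 200_000_000, "instructions": 360_000_000, "branch_misses": 1_620_000, "cache_misses": 648_000},
    {"cycles": 200_000_000, "instructions": 330_000_000, "branch_misses": 1_254_000, "cache_misses": 462_000},
    {"cycles": 200_000_000, "instructions": 350_000_000, "branch_misses": 1_505_000, "cache_misses": 560_000},
    {"cycles": 200_000_000, "instructions": 300_000_000, "branch_misses": 990_000, "cache_misses": 330_000},
    {"cycles": 200_000_000, "instructions": 380_000_000, "branch_misses": 1_824_000, "cache_misses": 760_000},
    {"cycles": 200_000_000, "instructions": 340_000_000, "branch_misses": 1_428_000, "cache_misses": 578_000},
]

# Constructed windows whose counter profile departs from the benign baseline:
# one with an unusually high cache-miss rate, one with an unusually tight,
# miss-free instruction stream. Both are hypothetical, not recorded traces.
SUSPECT_WINDOWS = {
    "high-cache-miss profile": {"cycles": 200_000_000, "instructions": 120_000_000, "branch_misses": 1_440_000, "cache_misses": 3_000_000},
    "tight-loop profile": {"cycles": 200_000_000, "instructions": 600_000_000, "branch_misses": 60_000, "cache_misses": 30_000},
}


def features(window):
    """Convert raw totals into rates so window length and workload size do not dominate."""
    instr = window["instructions"]
    return (
        instr / window["cycles"],                   # instructions per cycle
        1000.0 * window["branch_misses"] / instr,   # branch misses per 1k instructions
        1000.0 * window["cache_misses"] / instr,    # cache misses per 1k instructions
    )


class KnnBehaviourModel:
    """Flags a window as abnormal when its mean distance to the k nearest
    benign windows (in standardised feature space) exceeds a learned threshold."""

    def __init__(self, k=3, margin=1.5):
        self.k, self.margin = k, margin

    def fit(self, windows):
        feats = [features(w) for w in windows]
        self.mu = [mean(col) for col in zip(*feats)]
        self.sigma = [pstdev(col) or 1e-9 for col in zip(*feats)]  # guard constant features
        self.train = [self._standardise(f) for f in feats]
        # Leave-one-out scores of the benign set give a calibrated threshold.
        loo = [self._score(v, exclude=i) for i, v in enumerate(self.train)]
        self.threshold = self.margin * max(loo)
        return self

    def _standardise(self, f):
        return tuple((x - m) / s for x, m, s in zip(f, self.mu, self.sigma))

    def _score(self, z, exclude=None):
        dists = sorted(math.dist(z, t) for i, t in enumerate(self.train) if i != exclude)
        return mean(dists[:self.k])

    def score(self, window):
        return self._score(self._standardise(features(window)))

    def is_abnormal(self, window):
        return self.score(window) > self.threshold


def detect(model, labelled_windows):
    """Return {label: abnormal?} for a mapping of labelled windows."""
    return {label: model.is_abnormal(w) for label, w in labelled_windows.items()}


if __name__ == "__main__":
    model = KnnBehaviourModel().fit(BENIGN_WINDOWS)
    print(f"threshold = {model.threshold:.2f}")
    for label, flagged in detect(model, SUSPECT_WINDOWS).items():
        print(f"{label}: score={model.score(SUSPECT_WINDOWS[label]):.1f} abnormal={flagged}")
```

The threshold is set from leave-one-out scores of the benign set so that the baseline itself is never flagged; the `margin` parameter trades false positives against sensitivity, and in practice the baseline would be refreshed per application and per hardware generation, since counter rates differ across both.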
The hardware performance data collection used to train and test the technology has been developed for Linux and Android platforms. The technology's malware detection engine has been implemented on Linux, and a hardware-based architecture for running the engine has been proposed.
Tech Ventures Reference: IR CU13241