SBIR Phase I: Anomaly and malware detection using side channel analysis

Award Information
Agency: National Science Foundation
Branch: N/A
Contract: 1448440
Agency Tracking Number: 1448440
Amount: $150,000.00
Phase: Phase I
Program: SBIR
Awards Year: 2015
Solicitation Year: 2015
Solicitation Topic Code: IC
Solicitation Number: N/A
Small Business Information
1327 Jones Dr., Ste. 106, Ann Arbor, MI, 48105
DUNS: 079378540
HUBZone Owned: N
Woman Owned: N
Socially and Economically Disadvantaged: N
Principal Investigator
Denis Foo Kune
Phone: (734) 430-0979
Email: denis@virtalabs.com
Business Contact
Denis Foo Kune
Phone: (734) 430-0979
Email: denis@virtalabs.com
Research Institution
N/A
Abstract
The broader impact/commercial potential of this Small Business Innovation Research (SBIR) Phase I project is the improvement of trustworthy software execution. The proposed system, composed of a hardware monitoring device and a cloud-based security analytics engine, will detect process anomalies and malware in equipment where traditional anti-virus products cannot be installed. This solution externally observes system activity by analyzing side-channel phenomena such as power consumption. Unlike traditional anti-virus products that may interfere with normal operations and require constant updates, these side-channel measurements are independent of the software running on commercial equipment such as medical devices or point-of-sale terminals. The proposed method processes those measurements with a continuous cloud-based machine-learning engine and integrates multiple data sources to provide IT professionals with a reliable source of timely, actionable results. If successful, this project will help technicians quickly catch anomalous behavior, including malware, before it spreads to other devices.

This Small Business Innovation Research (SBIR) Phase I project explores the independent, nonintrusive detection of anomalous behavior, including malware, on high-assurance computing devices. Many commercial appliances, such as medical devices, run commodity operating systems but cannot support traditional anti-virus programs that consume precious resources and require frequent database updates. This incompatibility has resulted in widespread malware infections on equipment at hospitals, retailers and critical facilities. The proposed research will involve continuously monitoring the power consumption side-channel without disrupting normal operations. The intellectual merit of the project lies in cloud-based, high-frequency measurements and correlation of equipment behavior in order to quickly and accurately identify anomalous operations at scale. The goal of the proposed research is to correlate side-channel outputs with system activity across geographically diverse sets of equipment in order to improve anomaly, breach, and malware detection in real-world deployments.

* Information listed above is at the time of submission. *