SBIR Phase I: Anomaly and malware detection using side channel analysis

Award Information
Agency: National Science Foundation
Branch: N/A
Contract: 1448440
Agency Tracking Number: 1448440
Amount: $150,000.00
Phase: Phase I
Program: SBIR
Solicitation Topic Code: IC
Solicitation Number: N/A
Solicitation Year: 2015
Award Year: 2015
Award Start Date (Proposal Award Date): 2015-01-01
Award End Date (Contract End Date): 2016-01-31
Small Business Information
1327 Jones Dr. Ste. 106
Ann Arbor, MI 48105
United States
DUNS: 079378540
HUBZone Owned: No
Woman Owned: No
Socially and Economically Disadvantaged: No
Principal Investigator
 Denis Foo Kune
 (734) 430-0979
Business Contact
 Denis Foo Kune
Phone: (734) 430-0979
Research Institution

The broader impact/commercial potential of this Small Business Innovation Research (SBIR) Phase I project is the improvement of trustworthy software execution. The proposed system, composed of a hardware monitoring device and a cloud-based security analytics engine, will detect process anomalies and malware in equipment where traditional anti-virus products cannot be installed. This solution externally observes system activity by analyzing side-channel phenomena such as power consumption. Unlike traditional anti-virus products that may interfere with normal operations and require constant updates, these side-channel measurements are independent of the software running on commercial equipment such as medical devices or point-of-sale terminals. The proposed method processes those measurements with a continuous cloud-based machine-learning engine and integrates multiple data sources to provide IT professionals with a reliable source of timely, actionable results. If successful, this project will help technicians quickly catch anomalous behavior, including malware, before it spreads to other devices.

This Small Business Innovation Research (SBIR) Phase I project explores the independent, nonintrusive detection of anomalous behavior, including malware, on high-assurance computing devices. Many commercial appliances, such as medical devices, run commodity operating systems but cannot support traditional anti-virus programs that consume precious resources and require frequent database updates. This incompatibility has resulted in widespread malware infections on equipment at hospitals, retailers and critical facilities. The proposed research will involve continuously monitoring the power consumption side-channel without disrupting normal operations. The intellectual merit of the project lies in cloud-based, high-frequency measurements and correlation of equipment behavior in order to quickly and accurately identify anomalous operations at scale. The goal of the proposed research is to correlate side-channel outputs with system activity across geographically diverse sets of equipment in order to improve anomaly, breach, and malware detection in real-world deployments.
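The abstract describes the approach only in outline: sample a device's power draw externally, learn what normal operation looks like, and flag windows that deviate. The following is an added illustration of that idea, written for this page; it is not the awardee's system, and the award page gives no detail of its hardware, features or models. Everything here is assumed: a 1 kHz power monitor, 200 ms analysis windows, three simple per-window features (mean draw, spread, and mean absolute sample-to-sample change as a cheap proxy for high-frequency content), a per-feature Gaussian baseline fitted on a known-good trace, and a fixed z-score threshold. The traces are synthetic, generated by make_trace(); the two injected anomalies (extra steady draw, and an added 100 Hz component with no change in mean draw) stand in for a process that should not be running.

```python
"""Illustrative power side-channel anomaly detector (added example, not the
project's system). A known-good power trace is used to fit a per-feature
baseline; later windows whose features deviate by many standard deviations
are flagged. All traces here are synthetic, generated by make_trace()."""
import math
import random
import statistics
from typing import Iterable, List, Sequence, Tuple

FS = 1000          # assumed sample rate of the power monitor, Hz
WINDOW = 200       # samples per analysis window (200 ms = one 5 Hz period)
FEATURE_NAMES = ("mean", "std", "roughness")


def make_trace(seconds: float, rng: random.Random,
               anomalies: Iterable[Tuple[float, float, float, float]] = ()) -> List[float]:
    """Constructed trace: 1.0 W idle draw, a 0.2 W 5 Hz periodic workload and
    Gaussian noise. Each anomaly is (start_s, duration_s, extra_dc, hf_amp):
    extra steady draw and/or a 100 Hz component, as a stand-in for a process
    that should not be running. Synthetic data, not a real measurement."""
    anomalies = list(anomalies)
    trace = []
    for n in range(int(seconds * FS)):
        t = n / FS
        p = 1.0 + 0.2 * math.sin(2 * math.pi * 5 * t) + rng.gauss(0.0, 0.02)
        for start, dur, dc, hf in anomalies:
            if start <= t < start + dur:
                p += dc + hf * math.sin(2 * math.pi * 100 * t)
        trace.append(p)
    return trace


def split_windows(trace: Sequence[float], size: int = WINDOW) -> List[Sequence[float]]:
    """Non-overlapping windows; a trailing partial window is dropped."""
    return [trace[i:i + size] for i in range(0, len(trace) - size + 1, size)]


def window_features(window: Sequence[float]) -> Tuple[float, float, float]:
    """Mean draw, spread, and mean absolute sample-to-sample change (a cheap
    proxy for high-frequency content, which shifts when the instruction mix does)."""
    mean = statistics.fmean(window)
    std = statistics.pstdev(window)
    rough = statistics.fmean(abs(b - a) for a, b in zip(window, window[1:]))
    return (mean, std, rough)


class BaselineModel:
    """Per-feature Gaussian baseline fitted on known-good operation."""

    def __init__(self) -> None:
        self.mu: List[float] = []
        self.sigma: List[float] = []

    def fit(self, normal_trace: Sequence[float]) -> "BaselineModel":
        feats = [window_features(w) for w in split_windows(normal_trace)]
        cols = list(zip(*feats))
        self.mu = [statistics.fmean(c) for c in cols]
        # floor sigma so a constant feature cannot cause division by zero
        self.sigma = [max(statistics.pstdev(c), 1e-9) for c in cols]
        return self

    def zscores(self, window: Sequence[float]) -> List[float]:
        return [(x - m) / s for x, m, s in zip(window_features(window), self.mu, self.sigma)]

    def score(self, window: Sequence[float]) -> float:
        """Euclidean norm of the z-scores; about sqrt(3) for a normal window."""
        return math.sqrt(sum(z * z for z in self.zscores(window)))

    def detect(self, trace: Sequence[float], threshold: float = 6.0) -> List[Tuple[int, float, str]]:
        """Return (window index, score, feature with largest |z|) for every
        window above threshold. The threshold is a false-positive budget that
        must be tuned per device class; 6.0 is an assumption for this demo."""
        hits = []
        for i, w in enumerate(split_windows(trace)):
            zs = self.zscores(w)
            s = math.sqrt(sum(z * z for z in zs))
            if s > threshold:
                dominant = FEATURE_NAMES[max(range(len(zs)), key=lambda k: abs(zs[k]))]
                hits.append((i, round(s, 1), dominant))
        return hits


def demo() -> List[Tuple[int, float, str]]:
    """Fit on 10 s of clean operation, then scan 10 s containing two injected
    anomalies: 0.3 W extra steady draw at t=2 s (window 10) and a 0.1 W 100 Hz
    component with no change in mean draw at t=6 s (window 30)."""
    model = BaselineModel().fit(make_trace(10, random.Random(1)))
    suspect = make_trace(10, random.Random(2),
                         anomalies=[(2.0, 0.2, 0.3, 0.0), (6.0, 0.2, 0.0, 0.1)])
    return model.detect(suspect)


if __name__ == "__main__":
    for idx, score, feat in demo():
        print(f"window {idx:3d}: score {score:7.1f}, driven by {feat}")
```

Two points a practitioner would check before trusting such a detector: the baseline must be captured while the device is known to be clean (a baseline learned from an already infected unit teaches the model that the malware is normal), and the threshold must be set from the baseline's own score distribution against an explicit false-positive budget, because a fleet of hundreds of devices turns a per-window false-positive rate of even 10^-4 into daily pages. The second injected anomaly is the instructive one: its mean draw is unchanged, so a naive "is the device drawing more power?" check misses it, while the spread and roughness features still separate it from the baseline.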

* Information listed above is at the time of submission. *