Real-Time Multi-Modal Measurements from Subcomponents for Late Stage Attack Detection/Mitigation


Sponsoring Agency
New York University


This project will develop approaches for real-time measurement of auxiliary signals that can be used to detect the presence of malicious or anomalous elements such as kernel rootkits, ransomware, and keyloggers. To demonstrate the concept on a representative set of subcomponents, we will study the feasibility of monitoring the real-time activity of network interface cards (NICs), keyboards, GPUs, and SATA controllers using measurement code implanted into their firmware. A primary focus of the seedling will be to characterize the types of real-time measurements that can be obtained; measurement limits such as granularity and sampling rate; the associated computational and communication overhead; the types of anomalous behavior that can be detected from these measurements; and the repeatability and scalability of both the measurements and the analysis.

