SBIR Phase II: Anomaly and malware detection using AC power analysis

SBIR 第二阶段：使用交流电源分析进行异常和恶意软件检测

• 批准号: 1555816
• 负责人: Benjamin Ransford
• 金额: $ 74.82万
• 依托单位: Virta Laboratories Inc.
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2016
• 资助国家: 美国
• 起止时间: 2016-04-01 至 2018-09-30
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1555816&HistoricalAwards=false
• 关键词: SBIR; Phase; II; Anomaly; malware

The broader impact/commercial potential of this Small Business Innovation Research (SBIR) Phase II project will be an improved cybersecurity posture among industries that rely on mission-critical computing systems that are difficult to patch and/or monitor. Many technical failures on these systems, including information breaches, equipment malfunctions, and malware infestations, stem from longstanding problems that go undetected. This project develops nonintrusive measurement and analytics tools that give IT operators operational visibility into high-assurance assets, increasing confidence in their correct operation. This project will reduce losses due to unscheduled maintenance across industries, improve the trustworthiness of embedded and semi-embedded systems such as software-based medical devices, and reduce the business risk of breaches and malware damage at organizations that rely on hard-to-manage devices. This project also advances the state of the art in detecting rogue software execution and other anomalies through nonintrusive side channels, such as observing power signals collected on a wall outlet. This Small Business Innovation Research (SBIR) Phase II project aims to extend operational visibility of IT departments into mission-critical computing equipment using a novel combination of nonintrusive signal collection and machine learning. From infusion pumps to Internet routers to retail point-of-sale terminals, organizations rely on fixed-purpose computing systems. With this reliance comes three key risks. First, the effects of unscheduled interruptions to critical systems ripple outward to other business areas. Second, critical systems are often incompatible with constantly changing mainstream tools such as host-based antivirus and intrusion-detection systems. Third, critical systems often lag behind other systems patch levels because they are rarely taken out of service for patching. This project addresses these challenges by providing nonintrusive monitoring for critical systems in situ, reducing the risk of unscheduled downtime due to abnormal behavior. The company's monitoring hardware and software observe software execution from the vantage point of the power line, requiring no modifications to monitored systems and extending the ability of operators to understand what critical systems are doing.

小型企业创新研究(SBIR)第二阶段项目的更广泛影响/商业潜力将是改善依赖于难以修补和/或监控的任务关键型计算系统的行业的网络安全状况。这些系统上的许多技术故障，包括信息泄露、设备故障和恶意软件感染，都源于长期未被发现的问题。该项目开发了非侵入性测量和分析工具，使IT操作员能够了解高保证资产的运营情况，增强了对其正确运营的信心。该项目将减少跨行业计划外维护造成的损失，提高嵌入式和半嵌入式系统(如基于软件的医疗设备)的可信性，并降低依赖于难以管理的设备的组织的入侵和恶意软件损坏的业务风险。该项目还提高了通过非侵入性旁路检测流氓软件执行和其他异常的技术水平，例如观察墙上插座上收集的电源信号。该小型企业创新研究(SBIR)第二阶段项目旨在使用非侵入性信号收集和机器学习的新组合，将IT部门的运营可见性扩展到任务关键型计算设备。从输液泵到互联网路由器再到零售终端，组织都依赖于固定用途的计算系统。这种依赖伴随而来的是三个关键风险。首先，对关键系统的意外中断的影响波及到其他业务领域。其次，关键系统往往与不断变化的主流工具不兼容，如基于主机的防病毒和入侵检测系统。第三，关键系统通常落后于其他系统补丁级别，因为它们很少因打补丁而停止服务。该项目通过在现场为关键系统提供非侵入性监控来应对这些挑战，从而降低因异常行为导致计划外停机的风险。该公司的监控硬件和软件从电力线的有利位置观察软件执行情况，不需要修改被监控的系统，并增强了操作员了解关键系统正在做什么的能力。