Posted on Friday, July 27 2018 @ 11:54 CEST by Thomas De Maesschalck
Intel outlined Accelerated Memory Scanning and Advanced Platform Telemetry system, two new techniques to fight malware at the hardware level. Accelerated Memory Scanning will work by offloading the detection of memory-based attacks to the CPU's integrated graphics. In internal testing, Intel figured out that GPGPU computing this technique drops CPU utilization from 20 percent to 2 percent. The second technique combines telemetry tracking and cloud-based machine learning to detect advance threats.
According to the company, when malicious code resides on the hard drive it can be obfuscated or simply encrypted. Theoretically, when it ends up in memory it becomes easier to detect.
The process of scanning memory for signs of malware is maintained by an Intel driver and runs in the so-called application ring, or Ring 3. However, the capabilities of this solution can be expanded to the kernel, or Ring 0. The scan intensity can be adjusted to GPU load. For instance, if the user is playing a video game, the scan job can be postponed or assigned to spare cores of the graphics processing unit only.
More details
at BetaNews.
