Nathanael Paul, Adrienne Felt, David Evans, Sudhanva Gurumurthi; University of Virginia
Modern disk drive processors are now capable of general purpose computation, and we can harness this new power to implement malware detection directly on the disk drive. All data owing to and from the hard drive must pass through the disk drive processor. This key property makes the disk processor the «nal line of defense against malware, since it is privy to the low-level behavior of viruses that wish to alter data on the host. Disk-level malware detection uses the disk processor to identify threats based on patterns of I/O requests.