Intel Threat Detection Technology Uses GPU To Speed Up Antivirus

Intel announced some new innovations in anti-virus technology that leverage GPUs and AI to enhance malware protection. The company calls it Intel Threat Detection Technology (TDT), and it consists of two technologies that are meant to speed up virus scans on consumer computers and enhance real-time threat detection in data centers.

Memory Scanning Sped Up With GPU Power

The first part of TDT (and the most relevant for most users) is called Accelerated Memory Scanning. Memory scanning is the part of an antivirus scan that checks for suspicious patterns in memory access. The idea is that checking the memory footprint of all currently running processes might reveal malware whose code is disguised well enough to slip by the file-checking part of the scan. (The latter just checks every file on your disk to find executables that resemble known viruses, whereas the former is meant to catch viruses in execution.)

Running the memory scan is traditionally a CPU-intensive task, but Intel’s new method offloads it onto the GPU. The massively parallel nature of GPUs is well-suited to the task and, according to Intel, can bring the CPU usage of a memory scan down to 20% from 100%. This both speeds up the scan and leaves a computer usable while the scan is running. Intel said that Microsoft will soon integrate Accelerated Memory Scanning into Windows Defender, which is Windows’ built-in antivirus. There, it will speed up Full scans, which are currently run manually in the Advanced scan section of Windows Defender Security Center.

Intel processors from the 6th-gen (Skylake) and beyond will be able to perform Accelerated Memory Scanning. The speedup will hopefully allow Full scans to be run more often and possibly even automatically. Currently, the only scans Windows 10 runs automatically are Quick scans, which do only file scanning and basic memory scanning.

Real-Time Threat Recognition With AI

The second part of TDT is probably less relevant to consumers, but it’s interesting nonetheless. It’s called Intel Advanced Platform Telemetry, and it’s targeted at data centers and cloud-computing farms. It uses machine learning to analyze telemetry data of running computer systems.

“Telemetry data” here probably means any number of data points that Intel can snoop from its processors to characterize their activity. Intel didn’t expand on specifics, but we imagine that these could include cache misses and branch target misses, which are at the center of the Spectre and Meltdown vulnerabilities. The idea is that AI will be able to better recognize when processors are behaving abnormally, which could signify that they’re executing malware.

Whether TDT is a sign that Intel is truly sticking to its commitment of putting security first is up for debate, but it’s good to see the company leveraging its broad adoption in the market to improve security for both corporate and regular consumers.

13 comments
  • wownwow
    Intel's putting security first doesn't mean much until it admits that its not following the privilege levels defined by itself is a design bug/overlook.

    What is the point of the fancy telemetry stuff if the company couldn’t even simply follow what was defined by itself and has been insisting that it's intended, not a bug?

    Can “Intel Threat Detection Technology” detect its not following what is defined by itself?
  • stdragon
    BitDefender is already multi-threaded, multiple concurrent scans going on. It's also blazingly fast.

    I'm not sure how they do it, but if I had to guess, they perform an MD5 hash against every file, then go back and do a SHA1 or SHA256 hash to confirm no false-positives. In any case, I don't see the need for offloading this to the GPU.
  • Druidsmark
    I use Kaspersky Internet Security, which is good, and just moving my games library over to a 1 terabyte SSD has already gained me a big performance boost, as my virus scanner runs much faster now. Will be moving my operating system over to a 250 gigabyte SSD on April 25 to replace the hard drive running my operating system in my computer. So should once again see my virus scanner run even better than it does once I have finished. Just switching from an HDD to an SSD is all I needed to do to improve and make my virus scanner run much faster and better.