Intel Threat Detection Technology Uses GPU To Speed Up Antivirus

Intel announced some new innovations in anti-virus technology that leverage GPUs and AI to enhance malware protection. The company calls it Intel Threat Detection Technology (TDT), and it consists of two technologies that are meant to speed up virus scans on consumer computers and enhance real-time threat detection in data centers.

Memory Scanning Sped Up With GPU Power

The first part of TDT, and the most relevant for most users, is called Accelerated Memory Scanning. Memory scanning is the part of an antivirus scan that checks for suspicious patterns in memory access. The idea is that checking the memory footprint of all currently running processes might reveal malware whose code is disguised well enough that it slipped past the file-checking part of the scan. (The latter just checks every file on your disk to find executables that resemble known viruses, whereas the former is meant to catch viruses in execution.)

Running the memory scan is traditionally a CPU-intensive task, but Intel’s new method offloads it onto the GPU. The massively parallel nature of GPUs is well-suited to the task and, according to Intel, can bring the CPU usage of a memory scan down to 20% from 100%. This both speeds up the scan and leaves a computer usable while the scan is running. Intel said that Microsoft will soon integrate Accelerated Memory Scanning into Windows Defender, which is Windows’ built-in antivirus. There, it will speed up Full scans, which are currently run manually in the Advanced scan section of Windows Defender Security Center.
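Why this workload parallelizes well, shown as an added example (not Intel's or Microsoft's code): a memory snapshot is cut into chunks that are scanned independently, and each chunk reads a few bytes past its end so a pattern straddling a boundary is still found. The signatures, buffer and function names are constructed for illustration, and a CPU thread pool stands in for GPU work-items, so this shows the decomposition rather than the speed-up.

```python
from concurrent.futures import ThreadPoolExecutor

# Constructed byte patterns standing in for signatures; not real malware indicators.
SIGNATURES = {
    "demo-sig-a": b"\xde\xad\xbe\xef\x13\x37",
    "demo-sig-b": b"EXAMPLE-MARKER",
}

def scan_chunk(buf, start, end, overlap):
    """Scan buf[start:end + overlap]; report hits that begin inside [start, end)."""
    window = buf[start:min(len(buf), end + overlap)]
    hits = []
    for name, pattern in SIGNATURES.items():
        pos = window.find(pattern)
        # Hits starting at or after `end` belong to the next chunk, so stop there.
        while pos != -1 and start + pos < end:
            hits.append((start + pos, name))
            pos = window.find(pattern, pos + 1)
    return hits

def parallel_scan(buf, chunk_size=4096, workers=8):
    """Split a memory snapshot into independent chunks and scan them concurrently."""
    # Reading (longest pattern - 1) extra bytes covers any boundary-straddling match.
    overlap = max(len(p) for p in SIGNATURES.values()) - 1
    ranges = [(s, min(s + chunk_size, len(buf))) for s in range(0, len(buf), chunk_size)]
    with ThreadPoolExecutor(max_workers=workers) as pool:
        results = pool.map(lambda r: scan_chunk(buf, r[0], r[1], overlap), ranges)
    return sorted(hit for chunk_hits in results for hit in chunk_hits)

def build_sample_snapshot():
    """Constructed 16 KiB buffer: one pattern mid-chunk, one straddling a chunk boundary."""
    buf = bytearray(16384)
    buf[1000:1006] = SIGNATURES["demo-sig-a"]
    buf[4090:4104] = SIGNATURES["demo-sig-b"]  # crosses the 4096-byte boundary
    return bytes(buf)

if __name__ == "__main__":
    for offset, name in parallel_scan(build_sample_snapshot()):
        print(f"{offset:#06x} {name}")
```

Calling `scan_chunk` with an overlap of 0 on the first chunk misses the second pattern, which is the failure mode the overlap exists to prevent.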

Intel processors from the 6th generation (Skylake) onward will be able to perform Accelerated Memory Scanning. The speedup will hopefully allow Full scans to be run more often and possibly even automatically. Currently, Windows 10 automatically runs only Quick scans, which do only file scanning and basic memory scanning.

Real-Time Threat Recognition With AI

The second part of TDT is probably less relevant to consumers, but it’s interesting nonetheless. It’s called Intel Advanced Platform Telemetry, and it’s targeted at data centers and cloud-computing farms. It uses machine learning to analyze telemetry data of running computer systems.

“Telemetry data” here probably means any number of data points that Intel can snoop from its processors to characterize their activity. Intel didn’t expand on specifics, but we imagine that these could include cache misses and branch target misses, which are at the center of the Spectre and Meltdown vulnerabilities. The idea is that AI will be able to better recognize when processors are behaving abnormally, which could signify that they’re executing malware.

Whether TDT is a sign that Intel is truly sticking to its commitment of putting security first is up for debate, but it’s good to see the company leveraging its broad adoption in the market to improve security for both corporate and regular consumers.

  • wownwow
    Intel's putting security first doesn't mean much until it admits that its not following the privilege levels defined by itself is a design bug/overlook.

    What is the point of the fancy telemetry stuff if the company couldn’t even simply follow what was defined by itself and has been insisting that it's intended, not a bug?

    Can “Intel Threat Detection Technology” detect its not following what is defined by itself?
  • stdragon
    BitDefender is already multi-threaded, multiple concurrent scans going on. It's also blazingly fast.

    I'm not sure how they do it, but if I had to guess, they perform an MD5 hash against every file, then go back and do a SHA1 or SHA256 hash to confirm no false-positives. In any case, I don't see the need for offloading this to the GPU
  • Druidsmark
    I use Kaspersky Internet Security which is good and just moving my games library over to a 1 terabyte ssd has already gained me a big performance boost as my virus scanner all runs much faster now. Will be moving my operating system over to a 250 gigabyte ssd on April 25 to replace the hard drive running my operating system in my computer. So should once again see my virus scanner run even better than it does once I have finished. Just switching from a hdd to a ssd is all I needed to do to improve and make my virus scanner run much faster and better.
  • derekullo
    So mining rigs are really antivirus rigs?
  • bit_user
    20897319 said:
    BitDefender is already multi-threaded, multiple concurrent scans going on. It's also blazingly fast.
    A Skylake i7 has 8 threads on 4 cores. The iGPU on the same chip has 168 threads on 24 cores. They run at a lower clock speed and each have fewer IPCs, but if the iGPU was otherwise sitting idle then it's a win.

    This is probably an area where Intel's iGPUs have the advantage over AMD's, which have only up to 11 cores. It really depends on how much of this is using scalar instructions & control flow vs. vector operations.

    20897319 said:
    I'm not sure how they do it, but if I had to guess, they perform an MD5 hash against every file, then go back and do a SHA1 or SHA256 hash to confirm no false-positives. In any case, I don't see the need for offloading this to the GPU
    If you read the article, they're talking about scanning running processes in memory - not scanning your files.
  • Zaporro
    How about Intel actually fixes their shit on their own instead of dumping it on 3rd party hardware and software?
    They made flawed CPUs and now they want to fix it by.... using each user's GPU and then making AV companies implement a new feature to do so.
    So now the "my CPU is being constantly used by AV" will turn into "my CPU and GPU are hogged by AV".
  • Xajel
    Good indeed, at least now people with dGPU will find some use to the CPU iGPU rather than a wasted silicon.

    But I hope it will become an open standard, as it will be hard for a lot of people to jump to other AV software.. you know Windows Defender will be disabled once an alternate AV software is used, plus maybe other hardware companies can take it and improve it also, AMD & NV might have some interesting contribution rather than making it closed..
  • milkod2001
    Most CPUs are on idle most of the times. Would not it be better to leave it as before instead to put more pressure on GPUs, especially integrated ones from Intel? I can see many crashes coming from this new approach.
  • Druidsmark
    My computer is always in use when I'm at home so the cpu is rarely idle, however since installing a Geforce 1060 in my pc I do have the R7 graphics in my A10 7800 sitting idle as it never gets used. So would be great if the R7 graphics in this system could be used for something like this instead of my cpu, as it would leave my cpu free for gaming where the cpu is needed more.
  • stdragon
    Given nVidia's push into AI acceleration, and OS/App telemetry collection... Taken to the nth degree, it seems to me the industry is wanting to leverage hardware for "shadow computing" where it's processing and collecting data not directly meaningful to us all while using valuable cycles in the process. Oh, but now HW accelerated. That's a "win", right??

    How about we just ditch the notion that shadow computing is even needed and save everyone else the trouble, eh?