MalChain: Run-time detection of malicious virtualized components in 5G networks
5G (ENCQOR) Technology Development Challenge
MalChain: Run-time detection of malicious virtualized components in 5G networks
 
			Challenge Launch Date
May 15th, 2019
Challenge Deadline
July 28, 2019 (This call for projects has expired. Notices of interest are no longer accepted.)
Challenge Statement
There is a never-ending struggle between malwares and malware detection and mitigation techniques. Continuously, malware detection methods are improving to provide safer environments for applications to run. However, malware developers continuously improve their attacks.
Another challenge is to detect and mitigate new and zero-day attacks with innovative methodologies to remain one step ahead of attackers. This is fundamentally hard and requires exploration of new angles and exploitation of unconventional methodologies with the help of cuttingedge technologies such as AI in general and specifically deep learning.
Furthermore, a continuous shift across the whole telecom sector from conventional networks to virtualized networks such as NFV, SDN, and service chaining, provides enormous opportunity in 5G networks for optimized and shared utilization of the infrastructure in a sliced network paradigm. This new paradigm can be used to develop new security mechanisms based on virtualization and orchestration.
Finally, 5G is a main enabler for the Internet of Things, enhancing its utilization in many critical verticals such as industrial automation, healthcare, and smart cities. These new verticals in 5G need to be accompanied with security guarantees and assurances.
Project Partner
Ericsson Canada Inc.
Timeline
3 years
Available funding
$150,000 CAD (50,000 per year, renewable every year)
Applicant Type
Quebec based College/University
Location
Montreal is the main hub, though the research and development can be completed remotely with scheduled online meetings and face-to-face workshops.
Project Details
The main objective of this proposal is to provide an innovative methodology for profiling the normal behavior of an entity in NFV environment. The entity can be a process, a microservice, a virtual service function (VNF), or a service chain. The profiling operation can be done on a broad range of inputs.
The proposed methodology must provide a correlation between collected data and what is happening inside the virtualized function (or along the chain).
Deliverables:
 Note that in the proposal, the deliverables should be detailed into yearly results to be achieved for the project.
- State-of-the-art studies
 o A study on malware detection techniques with a focus on new and zero-day attacks
 o A study on malware detection in virtualized environment
 o A study on system behavior profiling
- Publications
 o A survey on state of malware detection in virtualized environments.
 o Publishing the result of the implementation of the new proposal
- PoC
 o A proof of concept for malware detection in a real-world application in Telecom area
This challenge strategically important for the development of the industry and the ENCQOR consortium since:
- Survey paper sheds a light on the current state of malware detection in virtualized environment and will expose the unfilled gaps in that landscape with proposed solutions.
- The PoC, will prove the feasibility of the approach with demonstration of robust results.
Project Goals/Outcomes
- Highlighting the importance of virtualization security in 5G networks
- Illustrating new ways of malware detection for new and zero-day attacks
- Demonstration of proposed methods on real word applications
 o Publishing in first tier security conferences
 o PoC implementation and integration
Applicant Capabilities
- Good understanding of virtualized environments: VM, Container, Services, NFV
- Good understanding of Linux OS: Kernel, syscalls
- Hands-on experience: Python, VMWare/VirtualBox
- Cybersecurity/Kubernetes/Machine learning knowledge is a plus
Additional Information
- It should be noted that Ericsson Canada solutions are proprietary of potential patented and trade secrets. Academic applicants must be willing to work under a Non-Disclosure Agreement (NDA) with Ericsson.
- Ericsson is open to a possible NSERC CRD project based on this funding
 
					