Khaled N. Khasawneh
Ph.D. Student in Computer Science at UCR


Computer Science & Engineering Department
University of California, Riverside
Riverside, CA 92521

Email: kkhas001 [at] ucr [dot] edu




About Me

I am a PhD candidate at the Department of Computer Science & Engineering, University of California, Riverside. I am working with Prof. Nael Abu-Ghazaleh. My research interests are in architecture support for security, malware detection, adversarial machine learning, side channels, and covert channels.



News

Jul 14, 2017
Saba (my wife) & I won student travel grants to attend KDD 2017!
Jul 2, 2017
Two papers accepted to MICRO 2017!
Feb 10, 2017
Our paper on mitigating LLC side-channel attacks will appear at DAC 2017.
Nov 11, 2016
Our hardware-based malware detection papers (RAID'15 & TC'16) are in the news! Sample articles: Security Intelligence, Bleeping Computer, Digital Trends, HelpNetSecurity, Science Explorer.


Teaching

CS161
Design and Architecture of Computer Systems (Fall 2016)


Publications

Conference Papers

C4

RHMD: Evasion-Resilient Hardware Malware Detectors MICRO '17

Khaled N. Khasawneh, Nael Abu-Ghazaleh, Dmitry Ponomarev, and Lei Yu
The 50th International Symposium on Microarchitecture (MICRO), 2017. (acceptance rate: 18.6%)

C3

Constructing and Characterizing Covert Channels on GPGPUs MICRO '17

Hoda Naghibi, Khaled N. Khasawneh, and Nael Abu-Ghazaleh
The 50th International Symposium on Microarchitecture (MICRO), 2017. (acceptance rate: 18.6%)

C2

RIC: Relaxed Inclusion Caches for Mitigating LLC Side-Channel Attacks DAC '17

Mehmet Kayaalp, Khaled N. Khasawneh, Hodjat Esfeden, Jesse Elwell, Nael Abu-Ghazaleh, Dmitry Ponomarev, and Aamer Jaleel
54th Annual Design Automation Conference (ACM DAC '17). (acceptance rate: 24%)

Recently, side-channel attacks on Last Level Caches (LLCs) were demonstrated. The attacks require the ability to evict critical data from the cache hierarchy, making future accesses visible. We propose Relaxed Inclusion Caches (RIC), a low-complexity cache design protecting against LLC side channel attacks. RIC relaxes inclusion when it is not needed, preventing the attacker from replacing the victim's data from the local core caches thus protecting critical data from leakage. RIC improves performance (by about 10%) and retains snoop filtering capabilities of inclusive cache hierarchies, while requiring only minimal changes to the cache.
@inproceedings{kayaalp2017ric,
title={RIC: Relaxed Inclusion Caches for Mitigating LLC Side-Channel Attacks},
author={Kayaalp, Mehmet and Khasawneh, Khaled N and Esfeden, Hodjat Asghari and Elwell, Jesse and Abu-Ghazaleh, Nael and Ponomarev, Dmitry and Jaleel, Aamer},
booktitle={Proceedings of the 54th Annual Design Automation Conference 2017},
pages={7},
year={2017},
organization={ACM}
}

C1

Ensemble Learning for Low-level Hardware-supported Malware Detection RAID '15

Khaled N. Khasawneh, Meltem Ozsoy, Caleb Donovick, Nael Abu-Ghazaleh, and Dmitry Ponomarev
18th International Symposium on Research in Attacks, Intrusions and Defenses (RAID-18), Kyoto, Japan, November 2015. (acceptance rate: 23.5%)

Recent work demonstrated hardware-based online malware detection using only low-level features. This detector is envisioned as a first line of defense that prioritizes the application of more expensive and more accurate software detectors. Critical to such a framework is the detection performance of the hardware detector. In this paper, we explore the use of both specialized detectors and ensemble learning techniques to improve performance of the hardware detector. The proposed detectors reduce the false positive rate by more than half compared to a single detector, while increasing the detection rate. We also contribute approximate metrics to quantify the detection overhead, and show that the proposed detectors achieve more than 11x reduction in overhead compared to a software only detector (1.87x compared to prior work), while improving detection time. Finally, we characterize the hardware complexity by extending an open core and synthesizing it on an FPGA platform, showing that the overhead is minimal.
@inproceedings{Khasawneh:2015:ELL:2939207.2939209,
author = {Khasawneh, Khaled N. and Ozsoy, Meltem and Donovick, Caleb and Abu-Ghazaleh, Nael and Ponomarev, Dmitry},
title = {Ensemble Learning for Low-Level Hardware-Supported Malware Detection},
booktitle = {Proceedings of the 18th International Symposium on Research in Attacks, Intrusions, and Defenses - Volume 9404},
series = {RAID 2015},
year = {2015},
isbn = {978-3-319-26361-8},
location = {Kyoto, Japan},
pages = {3--25},
numpages = {23},
url = {http://dx.doi.org/10.1007/978-3-319-26362-5_1},
doi = {10.1007/978-3-319-26362-5_1},
acmid = {2939209},
publisher = {Springer-Verlag New York, Inc.},
address = {New York, NY, USA},
}

Journal Article

J1

Hardware-based Malware Detection using Low-level Architectural Features TC '16

Meltem Ozsoy, Khaled N. Khasawneh, Caleb Donovick, Iakov Gorelik, Nael Abu-Ghazaleh, Dmitry Ponomarev
IEEE Transactions on Computers (TC), 2016. (extends HPCA'15)

Security exploits and ensuant malware pose an increasing challenge to computing systems as the variety and complexity of attacks continue to increase. In response, software-based malware detection tools have grown in complexity, thus making it computationally difficult to use them to protect systems in real-time. Therefore, software detectors are applied selectively and at a low frequency, creating opportunities for malware to remain undetected. In this paper, we propose Malware-Aware Processors (MAP) - processors augmented with a hardware-based online malware detector to serve as the first line of defense to differentiate malware from legitimate programs. The output of this detector helps the system prioritize how to apply more expensive software-based solutions. The always-on nature of MAP detector helps protect against intermittently operating malware. We explore the use of different features for classification and study both logistic regression and neural networks. We show that the detectors can achieve excellent performance, with little hardware overhead. We integrate the MAP implementation with an open-source x86-compatible core, synthesizing the resulting design to run on an FPGA.

@article{ozsoy2016hardware,
title={Hardware-Based Malware Detection Using Low-Level Architectural Features},
author={Ozsoy, Meltem and Khasawneh, Khaled N and Donovick, Caleb and Gorelik, Iakov and Abu-Ghazaleh, Nael and Ponomarev, Dmitry},
journal={IEEE Transactions on Computers},
volume={65},
number={11},
pages={3332--3344},
year={2016},
publisher={IEEE}
}


Academic Professional Service


Awards/Honors

2014-2016
Dean’s Distinguished Fellowship, Bourns College of Engineering, University of California, Riverside.
2013
Student Travel Scholarship, Trusted Infrastructure Workshop, The Pennsylvania State University.
2011
Jordanian Representative, Annual International Microelectronics Olympiad of Armenia, hosted by Synopsys.
2009
Dean's Honor List, Computer & Information Technology College, Jordan University of Science & Technology.
