Created at the Georgia Tech College of Computing, Gyrus is intended to stop malware from, for example, converting a user's intended $2 payment to a friend through PayPal into a $2,000 transfer to the account of the malware creator.
Current protection programs might recognize the original user's intent to send email, transfer money or engage in other transactions but cannot verify the specifics such as email contents or amount of money involved, the researchers said.
Users of Gyrus would establish pre-defined rules that help the software determine whether commands fit with established user intentions, the researchers said.
The intention is to prevent malware of changing what the user thinks they are sending, with Gyrus creating a "What You See Is What You Send" (WYSIWYS) policy, they said.
"The idea of defining correct behavior of an application by capturing user intent is not entirely new, but previous attempts in this space use an overly simplistic model of the user's behavior," study leader and doctoral student Yeongjin Jang said.
"For example, they might infer a user's intent based on a single mouse click without capturing any associated context so the attackers can easily disguise attacks as a benign behavior.
"Instead, Gyrus captures richer semantics including both user actions and text contents, along with applications semantics, to make the system send only user-intended network traffic.
"Gyrus indirectly but correctly determines user intent from the screen that is displayed to the user."