Using Electromagnetic Emissions To Detect Evasive Malware On IoT Devices

Cybersecurity researchers have proposed a novel approach that uses electromagnetic field emanations from Internet of Things (IoT) devices as a side channel to glean precise knowledge about the various types of malware targeting embedded systems, even in cases where obfuscation techniques have been used to impede analysis.

With the rapid adoption of IoT appliances presenting an attractive attack surface for threat actors, in part because they are equipped with more processing power and capable of running fully functional operating systems, the most recent research aims to enhance malware analysis to mitigate potential security risks.

A group of researchers from the Research Institute of Computer Science and Random Systems (IRISA) presented their findings at the Annual Computer Security Applications Conference (ACSAC) held last month.

The researchers Duy-Phuc Pham, Damien Marion, Matthieu Mastio, and Annelie Heuser wrote in a paper: “[Electromagnetic] emission measured from the device is practically undetectable by the malware.” “Consequently, malware evasion techniques cannot be applied straightforwardly, unlike dynamic software monitoring. In addition, since malware does not have control over external hardware features, a protection system dependent on hardware features cannot be disabled, even if the malware possesses the highest privilege on the system.”

The objective is to use side-channel information to detect anomalies in emanations when they deviate from previously observed patterns, and to raise an alert when behavior resembling malware is recorded, as compared with the system's normal state.
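The baseline-and-deviation idea described above, as an added example that is not code from the paper or from this article. It swaps the researchers' CNN for a simple per-band z-score against a benign baseline, and every trace, band count and threshold in it is constructed for illustration.

```python
import cmath, math, random, statistics

N = 128          # samples per trace (constructed, not the paper's capture length)
BANDS = 8        # number of frequency bands used as features (assumed)
ALERT_Z = 8.0    # alert threshold in baseline standard deviations (assumed)

def band_log_energy(trace):
    """Log energy per frequency band, from a plain DFT of one trace."""
    power = []
    for k in range(1, N // 2 + 1):          # skip DC, keep bins 1..N/2
        x = sum(s * cmath.exp(-2j * math.pi * k * t / N) for t, s in enumerate(trace))
        power.append(abs(x) ** 2)
    width = len(power) // BANDS
    return [math.log(sum(power[b * width:(b + 1) * width]) + 1e-12) for b in range(BANDS)]

def fit_baseline(traces):
    """Per-band mean and standard deviation over traces of the normal state."""
    cols = zip(*(band_log_energy(t) for t in traces))
    return [(statistics.mean(c), max(statistics.stdev(c), 1e-3)) for c in cols]

def score(trace, baseline):
    """Return (largest |z| over all bands, index of that band)."""
    zs = [abs(f - mu) / sd for f, (mu, sd) in zip(band_log_energy(trace), baseline)]
    worst = max(range(BANDS), key=zs.__getitem__)
    return zs[worst], worst

def make_trace(rng, extra_bin=None):
    """Constructed trace: one steady tone plus noise; extra_bin adds new activity."""
    out = []
    for t in range(N):
        s = math.sin(2 * math.pi * 5 * t / N) + rng.gauss(0, 0.05)
        if extra_bin is not None:
            s += 0.5 * math.sin(2 * math.pi * extra_bin * t / N)
        out.append(s)
    return out

def demo():
    rng = random.Random(1)
    baseline = fit_baseline([make_trace(rng) for _ in range(20)])
    normal = score(make_trace(rng), baseline)
    deviating = score(make_trace(rng, extra_bin=40), baseline)
    return normal, deviating

if __name__ == "__main__":
    for name, (z, band) in zip(("normal", "deviating"), demo()):
        print(f"{name}: z={z:.1f} band={band} alert={z > ALERT_Z}")
```

A threshold detector like this only says that the emanations changed and in which band; assigning a malware type or family, as the paper does, requires a trained classifier.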

In addition to requiring no modifications to the target devices, the framework developed in this study enables the detection and classification of stealthy malware, such as kernel-level rootkits, ransomware, and distributed denial-of-service (DDoS) botnets like Mirai, including variants that have not yet been observed.

The side-channel approach works in three phases. It involves measuring electromagnetic emissions while the device executes 30 distinct malware binaries and while it performs benign video, music, picture, and camera-related activities, and using those measurements to train a convolutional neural network (CNN) model for classifying real-world malware samples. In particular, the framework accepts an executable as input and outputs its malware label using only side-channel information.

In the experimental setup, the researchers chose a Raspberry Pi 2B with a 900 MHz quad-core ARM Cortex A7 processor and 1 GB of memory as the target device. The electromagnetic signals were acquired and amplified using a combination of an oscilloscope and a PA 303 BNC preamplifier, and the framework predicted the three malware types and their associated families with 99.82% and 99.61% accuracy, respectively.

The researchers concluded, “By employing simple neural network models, it is possible to obtain substantial information about the state of a monitored device by observing only its [electromagnetic] emanations.” “Our system is resistant to various code transformation/obfuscation techniques, such as random junk insertion, packing, and virtualization, even when the transformation was not previously known to the system.”

The above article was written by the BestTopReviewsOnline team, which consists of some of the most knowledgeable technical experts in the United States. Our team consists of highly regarded writers with vast experience in smartphones, computer components, technology apps, security, and photography, among other fields.
