A New Approach to Detect Stealthy Malware on IoT Devices


Security researchers have developed a new method for detecting evasive malware on IoT devices that uses the devices' electromagnetic field emanations. The method works even when the malware is obfuscated.

What’s the big deal?

Researchers from the Research Institute of Computer Science and Random Systems (IRISA) presented their findings at the Annual Computer Security Applications Conference (ACSAC).

The method uses side-channel information to detect anomalies: when emanations diverge from previously established patterns, it flags the behaviour as suspicious relative to the system's normal state.

The approach detects and classifies kernel-level rootkits, ransomware, and unknown variations without requiring any on-device changes.

The malware cannot detect that the electromagnetic emanations are being measured from the device. As a result, unlike with dynamic software monitoring, malware evasion strategies cannot be applied directly in this setting.

Furthermore, malware usually has no control over external hardware, so a protection system based on hardware features cannot be turned off, even when the malware has full access to the system.

Equipment that was utilised

Researchers employed a Raspberry Pi 2B target device with 1GB of memory and a 900MHz quad-core ARM Cortex A7 processor, as well as a PA 303 BNC preamplifier and oscilloscope, in the experiment. With an accuracy of 99.82 percent and 99.61 percent, this system was able to detect three malware families.

How does it work?

The method involves three phases: measuring electromagnetic emissions while executing 30 different malware binaries, performing benign activities, and training a Convolutional Neural Network (CNN) model to classify malware samples.

In particular, the framework takes an executable as input and uses side-channel information to output its malware label.

Researchers were able to obtain useful information about the state of a monitored device by using simple neural network models.

It works against a variety of code obfuscations and transformations, including random junk insertion, virtualization, and packing, as well as a previously unknown transformation.
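The measure-then-classify pipeline described above can be sketched in a few lines. This is an added example, not the researchers' code: it replaces the CNN with a nearest-centroid classifier over DFT band energies, and the traces, class names and tone profiles are constructed stand-ins for real oscilloscope captures.

```python
import cmath, math, random

N = 128  # samples per constructed trace

def synth_trace(tones, rng, noise=0.3):
    """Constructed stand-in for one oscilloscope capture: tones plus Gaussian noise."""
    return [sum(a * math.sin(2 * math.pi * f * t / N) for f, a in tones)
            + rng.gauss(0, noise) for t in range(N)]

def band_energies(trace, bands=8):
    """Naive DFT power spectrum pooled into coarse bands, normalised to sum to 1."""
    n = len(trace)
    power = [abs(sum(x * cmath.exp(-2j * math.pi * k * t / n)
                     for t, x in enumerate(trace))) ** 2 for k in range(n // 2)]
    width = len(power) // bands
    pooled = [sum(power[i * width:(i + 1) * width]) for i in range(bands)]
    total = sum(pooled) or 1.0
    return [p / total for p in pooled]

def train(labelled_traces):
    """Return {label: mean feature vector} from {label: [trace, ...]}."""
    model = {}
    for label, traces in labelled_traces.items():
        feats = [band_energies(t) for t in traces]
        model[label] = [sum(col) / len(feats) for col in zip(*feats)]
    return model

def classify(model, trace):
    """Label of the nearest centroid (Euclidean distance in band-energy space)."""
    feats = band_energies(trace)
    return min(model, key=lambda lbl: math.dist(feats, model[lbl]))

# Constructed activity profiles: (frequency bin, amplitude) pairs, not measured data.
PROFILES = {
    "benign":     [(5, 1.0), (20, 0.5)],
    "ransomware": [(5, 1.0), (44, 0.9)],
    "rootkit":    [(5, 1.0), (28, 0.3), (58, 0.6)],
}

def run_demo(seed=1, train_n=10, test_n=20):
    """Train on constructed traces, then return accuracy on fresh ones."""
    rng = random.Random(seed)
    model = train({lbl: [synth_trace(p, rng) for _ in range(train_n)]
                   for lbl, p in PROFILES.items()})
    hits = sum(classify(model, synth_trace(p, rng)) == lbl
               for lbl, p in PROFILES.items() for _ in range(test_n))
    return hits / (test_n * len(PROFILES))

if __name__ == "__main__":
    print(f"held-out accuracy on constructed traces: {run_demo():.2%}")
```

Nothing runs on the monitored device here: the classifier only ever sees the externally captured trace, which is the property the article attributes to the approach.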

Closing notes

IoT appliances are a lucrative target for cybercriminals due to their rapid development and adoption. The attack surface is substantially larger, making stealthy malware more difficult to detect. To avoid potential security threats, researchers need to develop malware analysis techniques.

By IEMA IEMLabs
