Security researchers have developed a new method for detecting evasive malware on IoT devices that relies on the electromagnetic (EM) emanations the device gives off while it runs. The method keeps working even when the malware has been obfuscated.
What’s the big deal?
Researchers from the Research Institute of Computer Science and Random Systems (IRISA) presented their findings at the Annual Computer Security Applications Conference (ACSAC).
Because the side channel is observed from outside the device, an analyst can use it to spot abnormal behaviour: when the emanations diverge from the patterns previously recorded for the system's normal state, that divergence is the signal that something suspicious is running.
The approach detects and classifies kernel-level rootkits, ransomware, and previously unseen variants without requiring any changes on the monitored device.
The malware cannot observe the electromagnetic radiation being measured from the device. As a result, unlike with dynamic software monitoring (debuggers, sandboxes, in-kernel hooks), the usual evasion strategies cannot be applied directly against this form of analysis.
Furthermore, malware usually has no control over external hardware, so a protection system built on that hardware cannot be turned off, even when the malware has full access to the system (root or kernel privileges).
Equipment used
The researchers used a Raspberry Pi 2B as the target device (1GB of memory, 900MHz quad-core ARM Cortex-A7), with a PA 303 BNC preamplifier and an oscilloscope to capture the emanations. The resulting system classified malware type with 99.82 percent accuracy and malware family with 99.61 percent accuracy across three malware types.
How does it work?
The method involves three phases: measuring electromagnetic emissions while executing 30 different malware binaries and a set of benign activities on the device; training a Convolutional Neural Network (CNN) model on those labelled traces; and using the trained model to classify new malware samples.
In other words, the framework takes an executable as input, runs it on the monitored device, and uses only the captured side-channel information to output a malware label.
The researchers were able to obtain useful information about the state of a monitored device using comparatively simple neural network models.
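The three phases above, condensed into a toy pipeline as an added example (this is not the IRISA code, and it replaces their probe, oscilloscope and CNN with constructed traces and a nearest-centroid classifier on spectral band-power features). The sample rate, trace length, band layout and the per-workload "signatures" are all assumptions chosen so the example runs offline with the standard library only.

```python
"""Toy EM side-channel malware classifier (added example, not the IRISA code).

Phase 1: collect traces while running labelled workloads.
Phase 2: extract spectral features from the traces and train a model.
Phase 3: classify an unseen trace.

The real work used an H-field probe, a PA 303 preamplifier, an oscilloscope
and a CNN; here the traces are synthesised and the model is a nearest-centroid
classifier, which is enough to show the shape of the pipeline.
"""
import cmath
import math
import random

N_SAMPLES = 128   # samples per trace (assumed)
N_BANDS = 8       # spectral bands used as features (assumed)

# Assumed spectral signatures: which DFT bins each workload excites, and how
# strongly.  On a real device these come from the measured emanations.
SIGNATURES = {
    "benign":     [(5, 1.0), (12, 0.6)],
    "ransomware": [(30, 1.0), (44, 0.8)],
    "rootkit":    [(55, 1.0)],
}


def synth_trace(label, rng, noise=0.3, gain=1.0):
    """Constructed EM trace: sum of sinusoids for the workload plus Gaussian noise."""
    trace = []
    for n in range(N_SAMPLES):
        v = sum(a * math.sin(2 * math.pi * k * n / N_SAMPLES)
                for k, a in SIGNATURES[label])
        trace.append(gain * v + rng.gauss(0.0, noise))
    return trace


def fft(x):
    """Radix-2 Cooley-Tukey FFT; len(x) must be a power of two."""
    n = len(x)
    if n == 1:
        return [complex(x[0])]
    even, odd = fft(x[0::2]), fft(x[1::2])
    out = [0j] * n
    for k in range(n // 2):
        t = cmath.exp(-2j * math.pi * k / n) * odd[k]
        out[k] = even[k] + t
        out[k + n // 2] = even[k] - t
    return out


def features(trace):
    """Normalised power per band over the positive-frequency half of the spectrum."""
    spec = fft(trace)
    power = [abs(c) ** 2 for c in spec[: N_SAMPLES // 2]]
    width = len(power) // N_BANDS
    bands = [sum(power[i * width:(i + 1) * width]) for i in range(N_BANDS)]
    total = sum(bands) or 1.0
    return [b / total for b in bands]   # dividing by total makes the gain drop out


def train(traces):
    """traces: list of (label, trace). Returns one feature centroid per label."""
    sums, counts = {}, {}
    for label, tr in traces:
        f = features(tr)
        sums[label] = [s + v for s, v in zip(sums.get(label, [0.0] * N_BANDS), f)]
        counts[label] = counts.get(label, 0) + 1
    return {lab: [v / counts[lab] for v in sums[lab]] for lab in sums}


def classify(model, trace):
    """Nearest-centroid decision on the trace's band-power features."""
    f = features(trace)
    dist = {lab: math.dist(f, c) for lab, c in model.items()}
    return min(dist, key=dist.get)


def demo():
    """Train on 10 constructed traces per class, then label one unseen trace per class."""
    rng = random.Random(7)
    training = [(lab, synth_trace(lab, rng)) for lab in SIGNATURES for _ in range(10)]
    model = train(training)
    # Unseen traces captured at half the gain: the normalised features are
    # scale-invariant, so the classifier should still label them correctly.
    return {lab: classify(model, synth_trace(lab, rng, gain=0.5))
            for lab in SIGNATURES}


if __name__ == "__main__":
    for lab, pred in demo().items():
        print(f"{lab:11s} -> {pred}")
```

The design point worth keeping from this toy is the normalisation step in `features`: an attacker who changes how much work the malware does changes the amplitude of the emanations, but not which frequency bands carry them, so features that discard absolute amplitude are the ones that survive across captures.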
It holds up against a variety of code obfuscations and transformations, including random junk insertion, virtualization, and packing, as well as a transformation not seen during training.
Closing notes
IoT devices are a lucrative target for cybercriminals because of how quickly they are being built and adopted. The attack surface is substantially larger, and stealthy malware on these devices is harder to detect. Keeping ahead of those threats requires malware analysis techniques, like this one, that do not depend on the compromised device cooperating.