With the fast usage of IoT devices, also becoming a lucrative target for threat actors, the reason being these devices are equipped with higher processing power and capability of running a fully functional OS, recent studies aim to better malware research to decrease potential security risks. These results were brought out by a group of researchers from IRISA (Research Institute of Computer Science and Random Systems) at the Annual Computer Security Applications Conference (ACSAC).
"Electromagnetic emanation that is measured from the device is practically undetectable by the malware," academicians Duy-Phuc Pham, Damien Marion, Matthieu Mastio, and Annelie Heuser said in their research paper. "Therefore, malware evasion techniques cannot be straightforwardly applied unlike for dynamic software monitoring. Also, since a malware does not have control on outside hardware-level, a protection system relying on hard]ware features cannot be taken down, even if the malware owns the maximum privilege on the machine," they further mentioned.
The aim is to get benefits from the side channel information to find out flaws in emissions when they deviate from earlier observed paths and raise an alarm if a malicious pattern emulating the virus is observed in contrast to the device's normal behavior. The process doesn't require any modifications on selected systems, the framework given in the paper allows finding and classifying stealthy malware like kernel-level rootkits, DDoS (distributed denial of service) attacks, ransomware and, other variants.
The process takes place in three stages, side-channel stage involves measuring electromagnetic emanations while performing thirty different malware and executing video, music, camera, and picture-related tasks for training convolutional neural network (CNN) model for categorizing real-world malware samples. "By using simple neural network models, it is possible to gain considerable information about the state of a monitored device, by observing solely its electromagnetic emanations," the report says.
