REMOTE: Robust External Malware Detection Framework by Using Electromagnetic Signals

Sehatbakhsh, Nader; Nazari, Alireza; Alam, Monjur; Werner, Frank T.; Zhu, Yuanda; Zajić, Alenka; Prvulovic, Milos

doi:10.1109/tc.2019.2945767

Cited by 36 publications

(10 citation statements)

References 49 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…A common idea to take advantage of side channel information to detect anomalies is to observe how the system behaves in its normal state, and to raise an alert when a new behavior is recorded. In [19,33], the authors propose to detect malware by observing EM signals. During the monitoring, if the observed EM emanations deviate from the previously observed patterns, this is reported as an anomalous or malicious activity.…”

Section: State-of-the-artmentioning

confidence: 99%

“…Additionally, the usual benign activities for an embedded IoT device such as Linux utilities, device sleep, photo capture, network connections, as well as long duration of executable runtime such as media player, camera capture, video encoder, data backup, data (de)compression (Table 2). This collection varies from short Notably in previous studies using EM emanation, the construction of benign dataset is not considered, or benign activity is only associated with either free-malware activities or benchmark software [6,19,24,33,35]. It simplifies detection drastically and is not realistic where malware, update services as well as IoT activities may share the same behaviors by calling executables from system and third parties.…”

Section: Benign Datasetmentioning

confidence: 99%

“…Our research focuses on a very general malware classification challenge rather than a narrowed solution to any specific device, in particular, as related works did not show diversity in results or analysis techniques across multiple devices (e.g. [33]).…”

Section: Experiments 61 Data Aquisition Componentsmentioning

confidence: 99%

See 2 more Smart Citations

Obfuscation Revealed: Leveraging Electromagnetic Signals for Obfuscated Malware Classification

Pham

Marion

Mastio

et al. 2021

Annual Computer Security Applications Conference

View full text Add to dashboard Cite

The Internet of Things (IoT) is constituted of devices that are exponentially growing in number and in complexity. They use numerous customized firmware and hardware, without taking into consideration security issues, which make them a target for cybercriminals, especially malware authors.We will present a novel approach of using side channel information to identify the kinds of threats that are targeting the device. Using our approach, a malware analyst is able to obtain precise knowledge about malware type and identity, even in the presence of obfuscation techniques which may prevent static or symbolic binary analysis. We recorded 100,000 measurement traces from an IoT device infected by various in-the-wild malware samples and realistic benign activity. Our method does not require any modification on the target device. Thus, it can be deployed independently from the resources available without any overhead. Moreover, our approach has the advantage that it can hardly be detected and evaded by the malware authors. In our experiments, we were able to predict three generic malware types (and one benign class) with an accuracy of 99.82%. Even more, our results show that we are able to classify altered malware samples with unseen obfuscation techniques during the training phase, and to determine what kind of obfuscations were applied to the binary, which makes our approach particularly useful for malware analysts. CCS CONCEPTS• Security and privacy → Malware and its mitigation.

show abstract

Section: State-of-the-artmentioning

confidence: 99%

Section: Benign Datasetmentioning

confidence: 99%

See 1 more Smart Citation

Obfuscation Revealed: Leveraging Electromagnetic Signals for Obfuscated Malware Classification

Pham

Marion

Mastio

et al. 2021

Annual Computer Security Applications Conference

View full text Add to dashboard Cite

show abstract

“…Leveraging physical side-channel leakages to detect anomalous activity has also been explored by other researchers. Examples include leveraging electromagnetic signals to detect ransomware attacks in cyber-physical systems [12], analyzing and classifying malware in embedded systems [13], and detecting anomalies in medical devices [14].…”

Section: A Related Workmentioning

confidence: 99%

Detecting the Exploitation of Hardware Vulnerabilities using Electromagnetic Emanations

Barreto¹,

Lamb²

2021

Preprint

View full text Add to dashboard Cite

We present a cache attack monitoring methodology that leverages statistical machine learning models to detect n-day hardware attacks by analyzing the electromagnetic emanations of a device. Experimental results from a Raspberry Pi 4 hosting Linux and a Jetson TX2 development board running a Linux guest hosted by seL4 demonstrate that our approach can sense Spectre attacks with a concordance statistic of 97% and 95%.

show abstract

“…The majority of such works are oriented towards achieving anomaly detection or verifying the control flow integrity at the software level. In this context, several alternative modalities have been considered, e.g., (a) the analysis of power consumption of the device [13], [14], [28], [29] or (b) the analysis of radiant EM [1], [4], [15], [19], [34] signals. Each of the approaches has its advantages, with the former being able to profile the behavior of the device as a whole and the latter being capable of providing a higher level of granularity to individual components of the device.…”

Section: Previous Workmentioning

confidence: 99%

EM Fingerprints: Towards Identifying Unauthorized Hardware Substitutions in the Supply Chain Jungle

Kolias

Barbará

Rieger

et al. 2020

2020 IEEE Security and Privacy Workshops (SPW)

View full text Add to dashboard Cite

This paper proposes a system capable of branding digital device components based on the EM signals typically emitted during their normal operational cycles. Such signals contain digital artifacts that are unique, which may act as an identifier of a particular device component e.g., its CPU, or the entire device if one chooses to take into account a combination of multiple such components. In real-life scenarios, this "biometrical" fingerprinting of hardware has to be conducted only once, possibly as part of an initial device configuration process with minimum additional maintenance time and cost, by the network administrators. At a subsequent stage, devices can get "authenticated" by comparing their newly emitted signals against the preexisting database during routine checks. The experimental results attest that the proposed approach can effectively protect a network against unrecognized potentially rogue devices posing as benign or malicious substitutions of hardware components at the chip level with near-perfect accuracy. One may view the proposed system as a technical solution to verify the trustworthiness of digital parts as well as the actors involved in certain stages of the supply chain.144 2020 Symposium on Security and Privacy Workshops (SPW)

show abstract

REMOTE: Robust External Malware Detection Framework by Using Electromagnetic Signals

Cited by 36 publications

References 49 publications

Obfuscation Revealed: Leveraging Electromagnetic Signals for Obfuscated Malware Classification

Obfuscation Revealed: Leveraging Electromagnetic Signals for Obfuscated Malware Classification

Detecting the Exploitation of Hardware Vulnerabilities using Electromagnetic Emanations

EM Fingerprints: Towards Identifying Unauthorized Hardware Substitutions in the Supply Chain Jungle

Contact Info

Product

Resources

About