6.1.3 Electromagnetic signal acquisition. We monitor the Raspberry
Pi under the execution of benign and malicious dataset using a low
to mid-range measurement setup. It consists of an oscilloscope
with 1GHz bandwidth (Picoscope 6407) connected to a H-Field
Probe (Langer RF-R 0.3-3), where the EM signal is amplified using a
Langer PA-303 +30dB (Figure 3). To capture long-time execution of
malware in the wild, the signals were sampled at 2MHz sampling
rate.
The activity of the Raspberry Pi, when executing malware or gen-
erating benign activity, was recorded with a sample rate of 2MHz
during 2.5 seconds. It has been chosen empirically based on (but
not limited to) the constraints of the data acquisition components:
imprecise trigger, and malware characteristics (e.g. sleep time with
no activity of Mirai). The duration of 2.5 seconds is enough to obtain
exploitable features for classification.
We collected 3 000 traces each for 30 malware binaries and 10 000
traces for benign activity. Thus, in total 100 000 traces were recorded,
then we computed their short term Fourier transformation, as de-
scribed in part 5.3.