6.1.3 Electromagnetic signal acquisition. We monitor the Raspberry

Pi under the execution of benign and malicious dataset using a low

to mid-range measurement setup. It consists of an oscilloscope

with 1GHz bandwidth (Picoscope 6407) connected to a H-Field

Probe (Langer RF-R 0.3-3), where the EM signal is amplified using a

Langer PA-303 +30dB (Figure 3). To capture long-time execution of

malware in the wild, the signals were sampled at 2MHz sampling

rate.

The activity of the Raspberry Pi, when executing malware or gen-

erating benign activity, was recorded with a sample rate of 2MHz

during 2.5 seconds. It has been chosen empirically based on (but

not limited to) the constraints of the data acquisition components:

imprecise trigger, and malware characteristics (e.g. sleep time with

no activity of Mirai). The duration of 2.5 seconds is enough to obtain

exploitable features for classification.

We collected 3 000 traces each for 30 malware binaries and 10 000

traces for benign activity. Thus, in total 100 000 traces were recorded,

then we computed their short term Fourier transformation, as de-

scribed in part 5.3.