Tom's Hardware: Raspberry Pi Detects Malware Using Electromagnetic Waves
Tom's Hardware: Raspberry Pi Detects Malware Using Electromagnetic Waves. https://www.tomshardware.com/news/raspberry-pi-detects-malware-with-em-waves

"A team of researchers from the Research Institute of Computer Science and Random Systems (IRISA) has developed a malware detection system using a Raspberry Pi that scans devices for specific electromagnetic (EM) waves. The group consists of Annelie Heuser, Matthieu Mastio, Duy-Phuc Pham, and Damien Marion.

"Because the Pi focuses on the EM field, users don't need to install anything on the target device. Instead, everything is handled via physical, external forces and is outside any software-level control potential malware has on a given machine.

"The Raspberry Pi is trained with both safe and malicious data sets to help define the parameters of a potential threat. In addition, the Pi features an oscilloscope (Picoscope 6407) and an H-Field probe to detect EM field changes.

"According to the research paper, the team used Convolution Neural Networks (CNN) to evaluate the data for threats. The model used to train the malware detection system provided accuracy as high as 99.82% during testing.

"To get a closer look at this clever Raspberry Pi EM malware detection project, check out the official research paper created by the team."
6.1.3 Electromagnetic signal acquisition. We monitor the Raspberry Pi under the execution of benign and malicious dataset using a low to mid-range measurement setup. It consists of an oscilloscope with 1GHz bandwidth (Picoscope 6407) connected to a H-Field Probe (Langer RF-R 0.3-3), where the EM signal is amplified using a Langer PA-303 +30dB (Figure 3). To capture long-time execution of malware in the wild, the signals were sampled at 2MHz sampling rate. The activity of the Raspberry Pi, when executing malware or generating benign activity, was recorded with a sample rate of 2MHz during 2.5 seconds. It has been chosen empirically based on (but not limited to) the constraints of the data acquisition components: imprecise trigger, and malware characteristics (e.g. sleep time with no activity of Mirai). The duration of 2.5 seconds is enough to obtain exploitable features for classification. We collected 3 000 traces each for 30 malware binaries and 10 000 traces for benign activity. Thus, in total 100 000 traces were recorded, then we computed their short term Fourier transformation, as described in part 5.3.
I don't really know these things, but the probe used appears to be a coil with <=2 mm diameter: https://www.langer-emv.de/en/product/rf-passive-30-mhz-up-to-3-ghz/35/rf-r-0... . Not sure why they use an H-field probe; I would have expected E-field.
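The paper excerpt above says each 2 MHz trace is turned into a short-time Fourier transform before classification. The following is an added illustration of that feature-extraction step, written for this thread; it is not the IRISA team's code and does not reproduce their windowing parameters or data. It keeps the quoted 2 MHz sample rate but uses a constructed two-tone signal of 4096 samples (a real 2.5 s trace would be 5,000,000 samples) and a 256-sample Hann window, both chosen here, and relies only on the Python standard library.

```python
"""Toy short-time Fourier transform (STFT) feature extraction: cut a sampled
EM trace into overlapping windows, take the spectrum of each window, and
report where the energy sits over time. That time-frequency matrix is the
kind of input a classifier is trained on.

Added example, stdlib only. FS_HZ is the 2 MHz sample rate quoted in the
paper; the synthetic trace, window length and hop are constructed here and
are not the paper's data or parameters.
"""
import cmath
import math

FS_HZ = 2_000_000  # sampling rate quoted in the paper excerpt


def fft(x):
    """Recursive radix-2 FFT; len(x) must be a power of two."""
    n = len(x)
    if n == 1:
        return [complex(x[0])]
    if n & (n - 1):
        raise ValueError("length must be a power of two")
    even = fft(x[0::2])
    odd = fft(x[1::2])
    out = [0j] * n
    for k in range(n // 2):
        tw = cmath.exp(-2j * math.pi * k / n) * odd[k]
        out[k] = even[k] + tw
        out[k + n // 2] = even[k] - tw
    return out


def stft(samples, nfft, hop):
    """Hann-windowed STFT. Returns one list per frame holding the magnitudes
    of the nfft//2 + 1 non-negative frequency bins (0 Hz up to fs/2)."""
    window = [0.5 - 0.5 * math.cos(2 * math.pi * i / nfft) for i in range(nfft)]
    frames = []
    for start in range(0, len(samples) - nfft + 1, hop):
        seg = [samples[start + i] * window[i] for i in range(nfft)]
        spec = fft(seg)
        frames.append([abs(c) for c in spec[: nfft // 2 + 1]])
    return frames


def bin_to_hz(k, nfft, fs=FS_HZ):
    """Centre frequency of STFT bin k: bin width is fs / nfft."""
    return k * fs / nfft


def dominant_frequencies(samples, nfft=256, hop=128, fs=FS_HZ):
    """Frequency (Hz) of the strongest bin in every frame, ignoring DC (bin 0)."""
    out = []
    for frame in stft(samples, nfft, hop):
        k = max(range(1, len(frame)), key=lambda i: frame[i])
        out.append(bin_to_hz(k, nfft, fs))
    return out


def synthetic_trace(n_samples, fs=FS_HZ):
    """Constructed trace (not measured data): a 250 kHz tone for the first
    half, standing in for one activity pattern, then a 500 kHz tone for the
    second half, plus a weak 31.25 kHz ripple so no bin is exactly zero."""
    half = n_samples // 2
    trace = []
    for i in range(n_samples):
        t = i / fs
        f = 250_000 if i < half else 500_000
        trace.append(math.sin(2 * math.pi * f * t)
                     + 0.05 * math.sin(2 * math.pi * 31_250 * t))
    return trace


if __name__ == "__main__":
    trace = synthetic_trace(4096)
    doms = dominant_frequencies(trace)
    print(f"bin width {bin_to_hz(1, 256):.1f} Hz, {len(doms)} frames")
    print(" ".join(f"{d / 1000:.0f}k" for d in doms))
```

With a 256-point window at 2 MHz each bin is 7812.5 Hz wide, so both constructed tones fall exactly on a bin (32 and 64) and the dominant frequency flips from 250 kHz to 500 kHz at the midpoint of the trace; the one frame straddling the boundary sees both tones at once, which is why a classifier is given the whole time-frequency matrix rather than a single per-frame peak.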
On 1/10/22, Punk-BatSoup-Stasi 2.0 <punks@tfwno.gf> wrote:
dude, do not fucking send 8mb attachments to mailing lists.

hey, i appreciate the advice, and don't know whether to trust you or not. my attachment seemed quite important, and was 5 MB, roughly the same size as zeynep's on dec 14: https://lists.cpunks.org/pipermail/cypherpunks/2021-December/093620.html

i don't attend hacker cons, and analysing malware via magnetic emissions is groundbreaking news for me that alters the global landscape.
participants (3): jim bell, k, Punk-BatSoup-Stasi 2.0