Tom's Hardware: Raspberry Pi Detects Malware Using Electromagnetic Waves

k gmkarl at gmail.com
Mon Jan 10 02:39:20 PST 2022


6.1.3 Electromagnetic signal acquisition. We monitor the Raspberry
Pi under the execution of benign and malicious dataset using a low
to mid-range measurement setup. It consists of an oscilloscope
with 1GHz bandwidth (Picoscope 6407) connected to an H-Field
Probe (Langer RF-R 0.3-3), where the EM signal is amplified using a
Langer PA-303 +30dB (Figure 3). To capture long-time execution of
malware in the wild, the signals were sampled at 2MHz sampling
rate.
The activity of the Raspberry Pi, when executing malware or generating
benign activity, was recorded with a sample rate of 2MHz
during 2.5 seconds. It has been chosen empirically based on (but
not limited to) the constraints of the data acquisition components:
imprecise trigger, and malware characteristics (e.g. sleep time with
no activity of Mirai). The duration of 2.5 seconds is enough to obtain
exploitable features for classification.
We collected 3 000 traces each for 30 malware binaries and 10 000
traces for benign activity. Thus, in total 100 000 traces were recorded,
then we computed their short term Fourier transformation, as
described in part 5.3.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: ACSAC21_camera_ready.pdf
Type: application/pdf
Size: 5462646 bytes
Desc: not available
URL: <https://lists.cpunks.org/pipermail/cypherpunks/attachments/20220110/905e03ae/attachment-0001.pdf>

