Raspberry Pi Can Detect Malware By Scanning For Electromagnetic Waves (gizmodo.com) 14
An anonymous reader quotes a report from Gizmodo: A team of researchers at France's Research Institute of Computer Science and Random Systems created an anti-malware system centered around a Raspberry Pi that scans devices for electromagnetic waves. As reported by Tom's Hardware, the security device uses an oscilloscope (Picoscope 6407) and H-Field probe connected to a Raspberry Pi 2B to pick up abnormalities in specific electromagnetic waves emitted by computers that are under attack, a technique the researchers say is used to "obtain precise knowledge about malware type and identity."
The detection system then relies on convolutional neural networks (CNNs) to determine whether the captured traces indicate the presence of a threat. Using this technique, the researchers say they recorded 100,000 measurement traces from IoT devices infected by genuine malware samples and predicted three generic malware classes plus one benign class with an accuracy as high as 99.82%. No software runs on the monitored device, and the device does not need to be modified in any way. Because the classifier looks at the device's electromagnetic emissions rather than at its code, the researchers argue that the software obfuscation techniques attackers use to hide malicious code from on-device malware scanners do not help them here. "Our method does not require any modification on the target device. Thus, it can be deployed independently from the resources available without any overhead. Moreover, our approach has the advantage that it can hardly be detected and evaded by the malware authors," researchers wrote in the paper.
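The pipeline the summary describes (probe capture, spectral features, classifier) as an added, self-contained toy in Python. This is not the researchers' code, and everything in it is constructed: the "captures" are synthetic 128-sample waveforms, the four class names and the frequency bins they excite are invented, and a nearest-centroid classifier over log-magnitude DFT features stands in for the paper's CNN so the block runs with the standard library only. The last function shows the closed-world caveat the thread raises: activity the model never saw during training is assigned to the nearest known class.

```python
"""Toy EM side-channel malware classifier (added example, not the paper's code).

Constructed assumptions:
- A "trace" is N float samples standing in for one H-field probe capture.
- Every device emits an idle tone at IDLE_BIN; each hypothetical malware
  family adds a tone at its own DFT bin; benign adds nothing.
- Nearest-centroid over log-magnitude spectra replaces the paper's CNN.
"""
import cmath
import math
import random

N = 128            # samples per constructed trace
IDLE_BIN = 2       # idle tone present whether or not malware is running
NOISE_SIGMA = 0.05
# Hypothetical class -> DFT bin its activity excites (None = no extra tone).
CLASS_BINS = {"benign": None, "ddos": 9, "ransomware": 21, "rootkit": 37}
# Precomputed twiddle factors so the O(N^2) DFT stays fast in pure Python.
TWIDDLE = [cmath.exp(-2j * math.pi * m / N) for m in range(N)]


def make_trace(tone_bin, rng):
    """One constructed N-sample capture: idle tone + optional activity tone + noise."""
    phase = rng.uniform(0, 2 * math.pi)
    out = []
    for n in range(N):
        v = 0.5 * math.cos(2 * math.pi * IDLE_BIN * n / N) + rng.gauss(0.0, NOISE_SIGMA)
        if tone_bin is not None:
            v += math.cos(2 * math.pi * tone_bin * n / N + phase)
        out.append(v)
    return out


def features(trace):
    """Log-magnitude spectrum over bins 0..N/2, the input a CNN would consume."""
    feats = []
    for k in range(N // 2 + 1):
        acc = sum(trace[n] * TWIDDLE[(k * n) % N] for n in range(N))
        feats.append(math.log1p(abs(acc)))
    return feats


def train(labelled):
    """Nearest-centroid model: mean feature vector per class label."""
    sums, counts = {}, {}
    for label, trace in labelled:
        f = features(trace)
        sums.setdefault(label, [0.0] * len(f))
        sums[label] = [a + b for a, b in zip(sums[label], f)]
        counts[label] = counts.get(label, 0) + 1
    return {lab: [s / counts[lab] for s in sums[lab]] for lab in sums}


def classify(model, trace, reject_ratio=0.95):
    """Return (label, margin). margin = best distance / runner-up distance;
    values near 1.0 mean the trace sits between two classes, and are
    returned as 'unknown' rather than forced into a class."""
    f = features(trace)
    ranked = sorted((math.dist(f, c), lab) for lab, c in model.items())
    best, runner_up = ranked[0], ranked[1]
    margin = best[0] / runner_up[0] if runner_up[0] > 0 else 0.0
    return ("unknown" if margin > reject_ratio else best[1]), margin


def _dataset(rng, per_class):
    return [(lab, make_trace(CLASS_BINS[lab], rng))
            for lab in CLASS_BINS for _ in range(per_class)]


def run_demo(seed=7, per_class=12):
    """Train on constructed traces and return held-out accuracy."""
    rng = random.Random(seed)
    model = train(_dataset(rng, per_class))
    test_set = _dataset(rng, per_class // 3)
    correct = sum(classify(model, t)[0] == lab for lab, t in test_set)
    return correct / len(test_set)


def novel_family_demo(seed=7, per_class=12, novel_bin=50):
    """Closed-world caveat: a trace whose tone matches no trained family is
    assigned to the nearest known centroid (here benign), not flagged."""
    rng = random.Random(seed)
    model = train(_dataset(rng, per_class))
    return classify(model, make_trace(novel_bin, rng))[0]


if __name__ == "__main__":
    print("held-out accuracy:", run_demo())
    print("unseen family classified as:", novel_family_demo())
```

The margin returned by `classify` is what a deployment would tune against its own false-positive budget; the reject threshold only catches traces that sit between two known classes, and does nothing for activity outside the training set, which is why the unseen family lands on benign.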
False positives (Score:3)
Re: False positives (Score:2)
You can build a process based on false positives if the risk of false negatives supersedes the operating costs of managing the additional false positives.
One clear example of this is nuclear war. It's better to scramble assets for a false positive than to miss an actual threat via a false negative.
With IoT, you could easily have a rotation of spare devices if downtime is not acceptable for the piece of hardware. Switch in the hardware you know is clean, take the potentially infected hardware to a secure pla
Also the opposite (Score:2)
> One clear example of this is nuclear war. It's better to scramble assets for a false positive than to miss an actual threat via a false negative
Also:
One clear counter example of this is nuclear war.
You don't want to launch a dozen nukes at Russia due to a false positive!
Not saying you're wrong.
Re: (Score:2)
A retaliation for a potential nuclear strike is to scramble jets, ready air defense, and prep the silos and subs -- all relating to raising the DefCon level. If a false positive of a potential nuclear strike was to instantly launch nukes, the world would never have made it through the cold war.
I get your point though it seems so far everyone has been more sensible than this. I think Russia has been probing alert systems more recently in northern Europe -- all relating to NATO readiness. This can open all kind
Re: (Score:2)
Re: (Score:2)
ICBMs reach Mach 20. They get to their target pretty quick.
SSPARS tries to give 15 minutes or so warning before the ICBMs blow up the US.
Launching a retaliation takes several minutes after it's been ordered.
There's not a whole lot of time preparing, discussing, and confirming. Maybe 5 minutes between an alert of incoming missiles and the order to shoot back.
the CEO's will buy this for $399/unit! (Score:1)
the CEO's will buy this for $399/unit!
Re: (Score:3)
*I* would buy one for $399/unit. A PicoScope 6406 alone is $14093. The H-Field probes add another $500-$1000
Link to TFA (Score:3)
Bad OPSEC, this (Score:2)
Re: Bad OPSEC, this (Score:2)
The reply below you seems to outline the trouble with this. The question seems to be frequency of operations added to the device. If the device rarely polls to be activated for an attack, then the only real way to detect the anomaly is with 24/7 EM scans.
And we would have to question with so much data, is it going to be easy to detect the miniscule difference in the moment of polling.
Likewise we would probably only discover the infection when the device goes hot for an attack which could be too late if the
Re: (Score:1)
You are drastically over-estimating how hard malware designers need to work to be successful, and malware designers are already good at making sure their code looks enough like normal computer operation that it isn't picked up by various heuristic approaches.
This is an interesting science project. But conventional on device techniques and watching the stream of bits coming out of the device and where they are going is still likely to be far more cost effective.
Great Idea (Score:3)
Moriarty (Score:1)