A team of researchers from the Research Institute of Computer Science and Random Systems (IRISA) has developed a malware detection system using a Raspberry Pi that scans devices for specific electromagnetic (EM) waves. The group consists of Annelie Heuser, Matthieu Mastio, Duy-Phuc Pham, and Damien Marion.
Because the system reads the EM field the device emits, users don't need to install anything on the target device. Detection happens entirely outside the machine, through a physical side channel, so it sits beyond any software-level control that malware running on the device might have.
The Raspberry Pi is trained on EM traces captured from both benign and malicious activity, which is how the system learns what a potential threat looks like. To capture those traces, the Pi is paired with an oscilloscope (Picoscope 6407) and an H-field probe that picks up changes in the EM field.
According to the research paper, the team used convolutional neural networks (CNNs) to classify the captured data. The model used to train the malware detection system reached an accuracy as high as 99.82% during testing.
To get a closer look at this clever Raspberry Pi EM malware detection project, check out the official research paper created by the team.
Ash Hill is a contributing writer for Tom's Hardware with a wealth of experience in hobby electronics, 3D printing and PCs. She manages the Pi projects of the month and much of our daily Raspberry Pi reporting while also finding the best coupons and deals on all tech.
cpm5000 Too bad the oscilloscope the researchers used costs $14k - $32k USD depending on the model variation of the PicoScope 9300 series.
Also, holding the probe at a 45-degree angle to the system processor probably isn't practical unless you remove the uncooperative cover from the IoT garbage you want to scan.
The full study is pay-walled by the publisher but not by the authors, so it's legally available for free here (PDF download trigger): free PDF of full study
domih Interesting paper
<<...Malicious codes commonly use packers, obfuscators, and polymorphism to hinder static-analysis and evade detection by making analyses difficult to reverse-engineer...>>
<<...Here we are interested in classifying into the 7 obfuscation techniques: Opaque predicates, bogus control flow, control-flow flattening using O-LLVM or Tigress, instruction substitution, virtualization, or packing...>>
Next step in the arms race
NSA employee: "..uh boss? We need to beef up our EM noise generator algorithms to make it quasi impossible for these detectors to find out useful patterns and pollute their CNN..."