The world’s largest companies are grappling with increasingly widespread and sophisticated malware attacks, but an exciting new malware detection technique could help organizations thwart these threats without the need for software.
A team of researchers from the French Institute for Research in Computer Science and Random Systems has created an anti-malware system centered around a Raspberry Pi that analyzes devices for electromagnetic waves. As reported by Tom’s gear, the security device uses an oscilloscope (PicoScope 6407) and an H-Field probe connected to a Raspberry Pi 2B to detect anomalies in specific electromagnetic waves emitted by attacked computers, a technique which the researchers say is used to “obtain precise knowledge about the type and identity of malware.”
The detection system then relies on Convolutional Neural Networks (CNNs) to determine if the collected data indicates the presence of a threat. Using this technique, the researchers claim that they recorded 100,000 measurement traces from IoT devices infected with real malware samples, and predicted three classes of generic malware and one class of benign malware with accuracy up to 99.82%.
Best of all, no software is needed and the device you’re scanning doesn’t need to be manipulated in any way. As such, bad actors will not be successful in their attempts to disguise malicious code from malware detection software using obfuscation techniques.
“Our method does not require any modification on the target device. Thus, it can be deployed independently of the available resources at no additional cost. In addition, our approach has the advantage that it can hardly be detected and evaded by malware authors,” the researchers wrote in the paper.
Keep in mind that this system was designed for research purposes, not to be marketed as a commercial product, although it may inspire security teams to research new ways to use EM waves to detect malware. Research is currently in its early stages and the neural network will need to be further trained before it can be used in practice.
For now, the system is a unique approach to securing devices by making it difficult for malware authors to hide their code, but the technology is far from publicly available.
And while this may sound promising as an inexpensive method of detecting malware given the use of a Raspberry Pi, the other EM wave-scanning equipment costs several thousand dollars. Despite its limitations, it is encouraging to see the research approaching such an important problem from a unique perspective. Who knows, this simple setup might one day help prevent the next major breach.