Malware Detection Using Unintentional Electromagnetic Emanations
Project By: Rob Callan and Farnaz Behrang
Presentation By: Rob Callan and Farnaz Behrang
ABSTRACT | A rapidly growing number of devices used in consumer electronics and the Internet of Things require internet connectivity. Such devices are challenging to secure because they rely on cheap, low-power processors that have limited resources available for security software. Furthermore, the lack of standardization across the numerous hardware and software platforms and environments used in developing for these devices makes it difficult to deploy and update security software. Zero-day exploits, i.e., exploits of previously unknown vulnerabilities, are particularly difficult to detect for these applications. Our approach to detecting malware addresses these challenges by monitoring the RF emissions (i.e., EM emanations) that these devices generate. We start by systematically characterizing the EM emanations generated by software running on an uncompromised device. To protect the device against intrusions, we continue to monitor the device’s EM emanations, and when they differ from those collected on the uncompromised device, we infer that an intrusion has occurred. This approach addresses many of the challenges above by completely separating (air-gapping) the monitor from the device being monitored.
Rob Callan, postdoctoral fellow, graduated from Georgia Tech in December 2016 with a Ph.D. in electrical and computer engineering. Farnaz Behrang is a Ph.D. student in the School of Computer Science, studying software evolution and testing. She is advised by Alessandro Orso.
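The baseline-then-monitor idea in the abstract can be sketched as follows; this is an added example, not the presenters' code or method. It assumes the monitor sees fixed-length windows of a received signal, uses a per-bin z-score over magnitude spectra as the comparison, and runs on constructed synthetic signals whose tone bins, amplitudes, noise level and threshold are all illustrative.

```python
import cmath
import math
import random

def spectrum(samples):
    """Magnitude spectrum (naive DFT) of one window, bins 1 .. N/2-1."""
    n = len(samples)
    return [abs(sum(s * cmath.exp(-2j * math.pi * k * t / n)
                    for t, s in enumerate(samples))) / n
            for k in range(1, n // 2)]

def build_baseline(windows):
    """Per-bin mean and standard deviation over windows from the clean device."""
    bins = list(zip(*(spectrum(w) for w in windows)))
    mean = [sum(b) / len(b) for b in bins]
    std = [math.sqrt(sum((x - m) ** 2 for x in b) / len(b))
           for b, m in zip(bins, mean)]
    return mean, std

def anomaly_score(window, baseline, floor=1e-3):
    """Largest per-bin deviation from the baseline, in baseline std units."""
    mean, std = baseline
    return max(abs(x - m) / max(s, floor)
               for x, m, s in zip(spectrum(window), mean, std))

def synth_window(rng, tones, n=64, noise=0.05):
    """Constructed signal: tones given as (bin, amplitude) plus Gaussian noise."""
    phases = [rng.uniform(0, 2 * math.pi) for _ in tones]
    return [sum(a * math.sin(2 * math.pi * k * t / n + p)
                for (k, a), p in zip(tones, phases)) + rng.gauss(0, noise)
            for t in range(n)]

# Assumed values: periodic activity of the clean software shows up as two tones;
# injected code adds a third at a bin the baseline never contained.
CLEAN = [(5, 1.0), (12, 0.5)]
INJECTED = CLEAN + [(20, 0.3)]
THRESHOLD = 10.0  # assumed alert threshold, in baseline standard deviations

def demo(seed=1):
    """Return (highest clean score, lowest injected score) over ten windows each."""
    rng = random.Random(seed)
    baseline = build_baseline([synth_window(rng, CLEAN) for _ in range(40)])
    clean = max(anomaly_score(synth_window(rng, CLEAN), baseline) for _ in range(10))
    bad = min(anomaly_score(synth_window(rng, INJECTED), baseline) for _ in range(10))
    return clean, bad

if __name__ == "__main__":
    print("clean max %.1f, injected min %.1f" % demo())
```

Because the score takes the absolute deviation, a spectral component that disappears from the monitored signal is flagged just as an unexpected new one is.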