Spectral Profiling and Monitoring: An Observer-Effect-Free Method for Profiling and Dynamic Malware Detection
Project By: Alenka Zajic, Milos Prvulovic, Nader Sehatbakhsh, Monjur Alam, and Alireza Nazari
Presentation By: Nader Sehatbakhsh
ABSTRACT | We present Spectral Profiling and Monitoring, a new method for monitoring program execution, without instrumenting or otherwise affecting the monitored system, in order to detect malware, control-flow hijacking, or code injection. Spectral Monitoring observes EM emanations unintentionally produced by the monitored system, looking for spectral “spikes” caused by periodic program activity (e.g., loops). It characterizes normal execution behavior in terms of peaks in the observed EM spectrum at any point in program execution and, in the monitoring phase, finds any deviation from that behavior by statistical comparison. Since Spectral Monitoring requires no resources on the monitored machine and no changes to the monitored software, it is especially well suited for security monitoring of embedded and IoT devices.
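The profile-then-monitor idea in the abstract, as an added sketch that is not the project's code: a profile of spectral peaks is learned from reference windows, and a monitored window is flagged when an expected peak disappears or a new one appears. The signal model (one tone per loop at its iteration rate), the sample rate, the median-based peak threshold and the peak-set comparison are all assumptions standing in for the real EM capture and the statistical comparison the abstract mentions.

```python
import cmath, math, random

FS, N = 1024, 256   # assumed sample rate (Hz) and window length: 4 Hz per bin

def window(loop_rates_hz, seed):
    """Constructed capture: each loop adds a tone at its iteration rate, plus noise."""
    rng = random.Random(seed)
    return [sum(math.sin(2 * math.pi * f * n / FS) for f in loop_rates_hz)
            + rng.gauss(0, 0.3) for n in range(N)]

def spectrum(x):
    """Magnitude of DFT bins 1..N/2-1, computed directly (stdlib only)."""
    return [abs(sum(v * cmath.exp(-2j * math.pi * k * n / N) for n, v in enumerate(x)))
            for k in range(1, N // 2)]

def peaks(x, factor=8.0):
    """Frequencies (Hz) of bins far above the median noise floor (assumed threshold)."""
    mag = spectrum(x)
    floor = sorted(mag)[len(mag) // 2]
    return {(k + 1) * FS // N for k, m in enumerate(mag) if m > factor * floor}

def train(windows):
    """Profile of one program region: peaks present in every training window."""
    return set.intersection(*(peaks(w) for w in windows))

def deviates(profile, x, tol_hz=4):
    """Stand-in comparison: report expected peaks that vanished and peaks that are new."""
    seen = peaks(x)
    missing = {f for f in profile if all(abs(f - g) > tol_hz for g in seen)}
    extra = {f for f in seen if all(abs(f - g) > tol_hz for g in profile)}
    return bool(missing or extra), missing, extra

if __name__ == "__main__":
    profile = train([window([64, 200], seed) for seed in range(3)])
    cases = {"normal": [64, 200], "added loop": [64, 200, 120], "replaced loop": [64, 300]}
    for name, rates in cases.items():
        print(name, deviates(profile, window(rates, seed=42)))
```

The monitored device runs none of this: all computation happens on the receiver side, which is the property the abstract calls observer-effect-free.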
Nader Sehatbakhsh is a Ph.D. student researching computer architecture, security for IoT and embedded systems, and memory systems. Alireza Nazari is a Ph.D. student whose interests lie in secure computer architecture and signal processing. Monjur Alam is a Ph.D. student in the School of Computer Science whose research includes the areas of cryptography, algorithm analysis and design. They are advised by Milos Prvulovic and co-advised by Alenka Zajic.