There was an "interesting" piece on Gizmodo. Does it sound like the 20's something journalism major Phillip Tracy is being pranked?

https://gizmodo.com/raspberry-pi-can-detect-malware-by-scanning-for-electro-1848339130



https://www.linkedin.com/in/philliptracy/

 

Here is the original paper: https://hal.archives-ouvertes.fr/hal-03374399/document

The section below explains how the data was collected, it was classified using Bayesian and deep learning techniques. The idea is a side channel method for basically "fingerprinting" malware compared to non-malware programs. It's not nonsense, nor is it flaky.

It's complicated and competent work. I can't address the results they claim but nothing about it is outrageous.

6.1.3 Electromagneticsignalacquisition. WemonitortheRaspberry Pi under the execution of benign and malicious dataset using a low to mid-range measurement setup. It consists of an oscilloscope with 1GHz bandwidth (Picoscope 6407) connected to a H-Field Probe (Langer RF-R 0.3-3), where the EM signal is amplified using a Langer PA-303 +30dB (Figure 3). To capture long-time execution of malware in the wild, the signals were sampled at 2MHz sampling rate.
The activity of the Raspberry Pi, when executing malware or gen- erating benign activity, was recorded with a sample rate of 2MHz during 2.5 seconds. It has been chosen empirically based on (but not limited to) the constraints of the data acquisition components: imprecise trigger, and malware characteristics (e.g. sleep time with no activity of Mirai). The duration of 2.5 seconds is enough to obtain exploitable features for classification.
We collected 3 000 traces each for 30 malware binaries and 10 000 traces for benign activity. Thus, in total 100 000 traces were recorded, then we computed their short term Fourier transformation, as de- scribed in part 5.3.

 

So the Raspberry had nothing to do with detecting malware, it was running the malware?

Raspberry Pi Can Detect Malware By Scanning for Electromagnetic Waves

And they recorded some CPU buzzing running different pieces of code and called that detection? Somebody needs to get their grant money back.

 

So the Raspberry had nothing to do with detecting malware, it was running the malware?


And they recorded some CPU buzzing running different pieces of code and called that detection? Somebody needs to get their grant money back.

The story specifically says the researchers were making 100,000 scans on an IoT device. The raspberry pi is simply a portable computer - any computer could do the job. IoT devices are generally wireless and have no I/O ports to tap into so scanning the signals they broadcast is a reasonable thing to do and the scope and antenna they used seem like a reasonable way to do it.

What, speciifically seems to defy logic or justify someone asking for research dollars to be returned?

Do you work for the .French Government? Are you a taxpayer in France? Do you work for one of the private companies funding the project? Is there something else that makes you suspicious?

 

Did you read the paper? It's a very systematic effort to classify malware by electromagnetic signatures. It's a side channel technique based on a Naive Bayesian model and on three machine learning models. There is nothing about it, in principle, that is ridiculous or obviously unworkable.

What is your incredulity based on? Do you have an actual criticism of the idea or methods?

 

Also, that headline is just plain wrong, the RPi is a malware host, it provided the signals for recording wasn't involved in detection.

 

This is giving a de ja vu that feels strong and old. I remember hearing about this or something very much like it a several years ago and thinking it was B.S. until digging deeper and finding that it actually made sense. I think Google is gaslighting me. And/or someone behind the Raspberry Pi project called in a favor. I did not use the words "Raspberry Pi" in my search. I googled "detection of malware with em waves" and here's what I got:

Per the story google is presenting, this is novel, never happened before, I'm crazy, and this couldn't have happened without Raspberry Pi.

 

That headline seems to have come from a Tom's Hardware "article". It is completely wrong, it doesn't actually describe the research.

 

https://www.researchgate.net/public...odel_for_Electromagnetic_Side-Channel_Signals
https://cpn-us-w2.wpmucdn.com/sites.gatech.edu/dist/4/463/files/2020/04/JHSS.pdf

Seems an academic exercise at best. State level Malware will easily decrease the noise level of its operations while spoofing benign signatures.

 

Yay! I'm not crazy. Nice try, almighty Google.

https://www.google.com/url?sa=t&sou...QFnoFCLYBEAE&usg=AOvVaw2a0kJzl-OC28fwrJhLD3Zi

 

@nsaspook you beat me to it. You probably had it bookmarked in your TEMPEST folder.

 

https://www.researchgate.net/public...odel_for_Electromagnetic_Side-Channel_Signals
https://cpn-us-w2.wpmucdn.com/sites.gatech.edu/dist/4/463/files/2020/04/JHSS.pdf

Seems an academic exercise at best. State level Malware will easily decrease the noise level of its operations while spoofing benign signatures.

EDIT to be more concise: The paper you linked is anomaly focused where this new one is using program-independent pattern recognition to classify programs as malware or benign. It isn't a blind approach concerning the running software, it's a detection of the patterns produced by any malware, based on the Bayesian and deep learning models. It's not concerned with anomaly detection at all.

 

EDIT to be more concise: The paper you linked is anomaly focused where this new one is using program-independent pattern recognition to classify programs as malware or benign. It isn't a blind approach concerning the running software, it's a detection of the patterns produced by any malware, based on the Bayesian and deep learning models. It's not concerned with anomaly detection at all.

Patterns that matched deep learning models are not very resilient to intelligent countermeasures IMO. There are many ways to generate adversarial patterns to spoof false negatives or positives to deep learning models on image classification systems. I would expect the noisy nature of EM spectrum and pattern matching to have the same vulnerabilities.
https://www.sciencedirect.com/science/article/pii/S209580991930503X
https://www.nature.com/articles/s41467-021-27577-x

There's nothing really new here, only maybe a difference in the software approach to the classic problem of EM signature analysis.
https://forum.allaboutcircuits.com/threads/privacy-lost.131989/post-1237148

 

Do you have an actual criticism of the idea or methods?

As a programmer for 20 years (not Java), I think that using EM radiation to detect the code that is running on a multi-core + multi-threaded processor is absurd.

 

As a programmer for 20 years (not Java), I think that using EM radiation to detect the code that is running on a multi-core + multi-threaded processor is absurd.

You don't even need EM to have effective side-channel attacks on multi-core + multi-threaded processors.

Countermeasure: Modify the software to equalize prime number compute loops.

 

As a programmer for 20 years (not Java), I think that using EM radiation to detect the code that is running on a multi-core + multi-threaded processor is absurd.

I think if you read the paper you'd find that it's something different than you think. In any case, I get it, you just "don't believe it".

 

I think if you read the paper you'd find that it's something different than you think. In any case, I get it, you just "don't believe it".

Its 2022. Uninformed Opinion is the New Knowledge

 

I think if you read the paper you'd find that it's something different than you think. In any case, I get it, you just "don't believe it".

I know that it works but I don't believe it will be a robust detection method. The moment you disclose a side-channel information leak (malware signatures), it will get plugged if there is value to maintain its operation.

 

I know that it works but I don't believe it will be a robust detection method. The moment you disclose a side-channel information leak (malware signatures), it will get plugged if there is value to maintain its operation.

Right, but it's not "signatures" of particular malware, it's a generalized pattern matching based on the behavior difference between malware and benign software. It's caused by things like command and control connections and other things. It's doesn't depend on a catalog but on how something that functions as malware necessarily behaves.

I am not saying countermeasures aren't possible but it would be very hard to figure our how the AI has correlated things. You'd probably have to run the whole thing for yourself and do a lot of empirical testing.

 

Right, but it's not "signatures" of particular malware, it's a generalized pattern matching based on the behavior difference between malware and benign software. It's caused by things like command and control connections and other things. It's doesn't depend on a catalog but on how something that functions as malware necessarily behaves.

I am not saying countermeasures aren't possible but it would be very hard to figure our how the AI has correlated things. You'd probably have to run the whole thing for yourself and do a lot of empirical testing.

It's always 'signatures' as probabilities in the end that are getting classified and matched. You don't need to figure our how the AI has correlated things, you only need the ability to mimic what the AI has classified as benign software. There is a large active parallel area of research into defeating AI based systems that's turned into a Spy-vs-Spy continuing series. Countermeasures should be just as effective. I have low confidence that behavior differences as indirectly detected by EM emissions (as a marker of X activity) is a robust method of malware detection.

https://arxiv.org/abs/2104.15064

In the last decade, deep neural networks have proven to be very powerful in computer vision tasks, starting a revolution in the computer vision and machine learning fields. However, deep neural networks, usually, are not robust to perturbations of the input data. In fact, several studies showed that slightly changing the content of the images can cause a dramatic decrease in the accuracy of the attacked neural network. Several methods able to generate adversarial samples make use of gradients, which usually are not available to an attacker in real-world scenarios. As opposed to this class of attacks, another class of adversarial attacks, called black-box adversarial attacks, emerged, which does not make use of information on the gradients, being more suitable for real-world attack scenarios. In this work, we compare three well-known evolution strategies on the generation of black-box adversarial attacks for image classification tasks. While our results show that the attacked neural networks can be, in most cases, easily fooled by all the algorithms under comparison, they also show that some black-box optimization algorithms may be better in "harder" setups, both in terms of attack success rate and efficiency (i.e., number of queries).