Researchers at North Carolina State University and the University of Texas at Austin have developed a new technology to detect malware. The new technology enables detection by tracking power fluctuations in embedded systems.
Embedded systems include a wide range of applications, such as home voice assistants, industrial control systems, and more. Malware against these systems can control the system or steal information. This kind of malware is designed to take advantage of the system’s architecture, effectively hijacking hardware, allowing external users to control the system and access data. Spectre and Meltdown are typical examples of microarchitecture malware.
Aydin Aysu, assistant professor of electrical and computer engineering at North Carolina State University, said that micro-architecture attacks are difficult to detect, but methods for detecting them have been found, that is, by judging whether power consumption is abnormal, it is possible to know whether the malware exists in the system.
So how do new technologies work? Power monitoring solutions can be integrated into smart batteries to work with new embedded systems. The new “Plug and Play” hardware will use inspection tools in existing embedded systems.
The researchers found that because the new detection technology relies on the power reporting of the embedded system if the malware modifies its behavior to mimic the “normal” power usage pattern, the power monitoring detection tool may not be successfully detected.
But new technologies still have an advantage. When malware simulates normal power consumption and avoidance detection, its data transmission speed is reduced by 86% to 97%. Even in a few cases, malware may not be detected, but new technologies can still reduce the impact of malware.