Research on IoT malware, and the tooling available for automated IoT malware classification, is limited. IoT and embedded technologies rely on a large number of customized firmware and hardware designs built without security in mind, which makes them an attractive attack surface for cybercriminals, and for malware authors in particular. Types of malware that took decades to mature on Microsoft Windows after the first known malicious software appeared in the wild are now emerging on IoT devices in far less time.
We present a novel, robust and promising approach that leverages electromagnetic emanations to identify the kinds of malware targeting a Raspberry Pi device. With it, malware analysts can obtain accurate information about the type and identity of IoT malware, even when obfuscation techniques prevent static and symbolic binary analysis. We recorded more than 100K measurement traces from IoT devices infected with various malware samples, as well as traces of realistic benign activity. Our method can be deployed independently of the resources available on the device and adds no overhead. Moreover, malware authors are less likely to detect and bypass it. In our experiments, we distinguished three common types of malware from benign activity with 99.82% accuracy.
Pham Duy Phuc is a PhD candidate at IRISA, France. His main interests are malware reverse engineering, threat intelligence and hunting, and side-channel information combined with deep learning analysis. During his PhD, he proposed the thesis "Malware detection through side-channel". When he isn't glued to computer viruses, he spends time playing CTF with the team he founded: BabyPhD.
Damien is currently a Postdoc in the Capsule team, inside the IRISA laboratory. He is involved in two projects: AHMA (Automated Hardware Malware Analysis) and IDROMEL (on the power side-channel leakages induced by micro-architectural design choices). He was previously a Postdoc in the MAIS team, inside TU Darmstadt, where he was involved in the DFG collaborative research center CROSSING and created a side-channel lab.
Annelie is a full-time CNRS researcher at the IRISA laboratory in the Capsule team. Her main interests lie in the security of embedded devices, especially combined with side-channel information and attacks, machine and deep learning algorithms, and malware.