Detector IDs Bugs by Monitoring Power Use.
Malware is evasive, intelligent, and sneaky No sooner than antivirus software is updated to combat the latest attacks, a computer virus already will have evolved into something harder to detect and potentially more damaging to a computer system.
Malware, though, is not without vulnerabilities. Engineers at the University of Texas, Austin, and North Carolina State University, Raleigh, have found an additional line of defense to detect threats that does not rely on the detection and protection provided by existing antivirus software programs. Their method detects the presence of malware in large-scale embedded computer systems by monitoring power usage and identifying unusual surges as signs of unwelcome security threats.
Malware frequently is designed to appear benign so that it can blend in with other applications on a computer system. However, a system's power usage cannot be manipulated, and the engineers realized this offered an opportunity to observe and identify power signatures that differ from known benign behavior, referred to as "power anomalies."
The new detection tool tracks power fluctuations specifically in embedded systems--from smartphones to industrial remote-control systems in power plants.
"We know what power consumption looks like when embedded systems are operating at normal levels," says Mohit Tiwari, assistant professor in the UT Department of Electrical and Computer Engineering. "By looking for power anomalies, we can tell with reasonable accuracy when malware is present in a system."
However, some malware is designed to conceal its presence by mirroring the power usage of benign programs. 'The real technical contribution of this work has been our ability to successfully model malware that conceals itself by mimicking the power signatures of benign programs," Tiwari explains.
"Models of evasive malware can then be used to determine the extent of damage that power detectors can protect against."
Using power to detect the presence of malware is not the only clever part to this technology The researchers also realized any detection system needed to be designed as an external device that could be plugged into a system. As a separate, unconnected device, it could not be at risk of attack.
Current software security programs reside within the same systems that are targeted by malware, making them just as vulnerable to attack as other applications used on any computer.
The other advantage of measuring power to detect malware is that it is unaffected by the constant adaptation of cyberthreats. "Malware keeps evolving in order to outsmart antivirus software, meaning engineers must also continuously retrain their programs," says study leader and UT Ph.D. candidate Shijia Wei.
"With our device, we can force the malware to mimic benign programs on embedded systems, and this can greatly reduce the potential damage an attack can cause."
Vehicles or drones built by different makers, or for different purposes, will have to interact on the same roadway or airspace. Slight dissimilarities or affinities in the behavior of these subunits within the amalgam could affect collective behavior. "You can't always treat them as identical Individuals," Ouellette asserts.
|Printer friendly Cite/link Email Feedback|
|Publication:||USA Today (Magazine)|
|Date:||Jun 1, 2019|
|Previous Article:||Can Autonomous Vehicles Mimic Animals?|
|Next Article:||Securing Electronics with Sweat Analysis.|