Towards Malware Detection via CPU Power Consumption: Data Collection Design and Analytics

Bridges, Robert; Hernandez Jimenez, Jarilyn M.; Nichols, Jeff; Goseva-Popstojanova, Katerina; Prowell, Stacy J.

doi:10.1109/TrustCom/BigDataSE.2018.00250

Title: Towards Malware Detection via CPU Power Consumption: Data Collection Design and Analytics

Conference · Wed Aug 01 00:00:00 EDT 2018

DOI:https://doi.org/10.1109/TrustCom/BigDataSE.2018.00250· OSTI ID:1474728

^[1]; Hernandez Jimenez, Jarilyn M. ^[1];

^[1]; Goseva-Popstojanova, Katerina ^[2];

^[1]

ORNL
West Virginia University, Morgantown

This paper presents an experimental design and data analytics approach aimed at power-based malware detection on general-purpose computers. Leveraging the fact that malware executions must consume power, we explore the postulate that malware can be accurately detected via power data analytics. Our experimental design and implementation allow for programmatic collection of CPU power profiles for fixed tasks during uninfected and infected states using five different rootkits. To characterize the power consumption profiles, we use both simple statistical and novel, sophisticated features. We test a one-class anomaly detection ensemble (that baselines non-infected power profiles) and several kernel-based SVM classifiers (that train on both uninfected and infected profiles) in detecting previously unseen malware and clean profiles. The anomaly detection system exhibits perfect detection when using all features and tasks, with smaller false detection rate than the supervised classifiers. The primary contribution is the proof of concept that baselining power of fixed tasks can provide accurate detection of rootkits. Moreover, our treatment presents engineering hurdles needed for experimentation and allows analysis of each statistical feature individually. This work appears to be the first step towards a viable power-based detection capability for general-purpose computers, and presents next steps toward this goal.

View Conference

Cite

Export

Save

Research Organization:: Oak Ridge National Laboratory (ORNL), Oak Ridge, TN (United States)

Sponsoring Organization:: USDOE

DOE Contract Number:: AC05-00OR22725

OSTI ID:: 1474728

Resource Relation:: Conference: International Conference on Communications (ICC 2018) - Kansas City, Missouri, United States of America - 5/20/2018 6:00:00 PM-5/24/2018 1:00:00 PM

Country of Publication:: United States

Language:: English

Similar Records

Heartbeat: Detecting Malware by Periodic Power Signal Injection and Monitoring

Technical Report · Sat Oct 01 00:00:00 EDT 2022 · OSTI ID:1474728

Prowell, Stacy J.; Dawson, Joel; Passian, Ali

Heartbeat Malware Detection

Software · Thu Feb 28 00:00:00 EST 2019 · OSTI ID:1474728

Dawson, Joel A; Ferber, Aaron E

Beyond the Hype: An Evaluation of Commercially Available Machine-Learning-Based Malware Detectors

Journal Article · Thu Feb 16 00:00:00 EST 2023 · Digital Threats: Research and Practice · OSTI ID:1474728

Bridges, Robert A.; Oesch, Sean; Iannacone, Michael D.; +12 more

Title: Towards Malware Detection via CPU Power Consumption: Data Collection Design and Analytics

Citation Formats

Similar Records

Related Subjects