In short: Antivirus software typically uses a combination of machine learning algorithms and frequently updated malware definitions to protect our computers from external threats. However, no antivirus software is perfect and sometimes it misses new or heavily disguised threats. This is why researchers at the Institute of Computer Science and Random Systems have been eager to explore new methods for detecting hostile programs that do not rely on software solutions at all.
Instead, a team of four takes advantage of electromagnetic pulses to detect malware, even if the target is hidden. Their approach is unorthodox to say the least, but it also appears accurate enough, based on their initial tests.
The technology the team developed uses a Raspberry Pi to connect to an infected or potentially infected device. The Pi communicates with an H-field sensor and an oscilloscope: the former detects the magnetic waves emitted by the device, and the latter visualizes them for viewing by a malware analyst.
According to the researchers, different types of malware emit certain electromagnetic waves. With everything emitting such waves these days, it was not enough just to set up the system and analyze the output of the oscilloscope. The Pi-based malware detector needed to be trained on a variety of threats to improve its detection accuracy and rule out false positives.
Through the researchers’ experiments, the Pi was able to predict three “common types of malware” and one “harmless” class (harmless malware that can be more annoying than anything else) with an accuracy of about 99.82 percent. The team notes that it does not matter what obfuscation techniques the software in question may use on the software side, because their device is independent of the software; it works at a higher level.
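A minimal sketch of the train-then-classify workflow described above, added here as an illustration and not the researchers' code. The traces are synthetic, and the frequency bins, class names, and nearest-centroid classifier are all assumptions; the article does not say which features or model the team used.

```python
import cmath
import math
import random

N = 64  # samples per captured trace (constructed)
# Constructed assumption: each activity class concentrates EM energy in
# different frequency bins. Real signatures must be measured, not invented.
SIGNATURE_BINS = {"benign": (3,), "malware_a": (5, 11),
                  "malware_b": (7, 13), "malware_c": (9, 14)}

def synth_trace(label, rng, noise=0.5):
    """Stand-in for one oscilloscope capture: tones at random phase plus noise."""
    tones = [(b, rng.uniform(0, 2 * math.pi)) for b in SIGNATURE_BINS[label]]
    return [sum(math.sin(2 * math.pi * b * t / N + p) for b, p in tones)
            + rng.gauss(0, noise) for t in range(N)]

def spectrum(trace):
    """Unit-normalised DFT magnitudes (bins 1..N/2-1); phase is discarded."""
    mags = [abs(sum(x * cmath.exp(-2j * math.pi * k * t / N)
                    for t, x in enumerate(trace))) for k in range(1, N // 2)]
    norm = math.sqrt(sum(m * m for m in mags)) or 1.0
    return [m / norm for m in mags]

def train(rng, per_class=20):
    """Average the spectra of labelled traces into one centroid per class."""
    centroids = {}
    for label in SIGNATURE_BINS:
        feats = [spectrum(synth_trace(label, rng)) for _ in range(per_class)]
        centroids[label] = [sum(col) / per_class for col in zip(*feats)]
    return centroids

def classify(centroids, trace):
    """Return the class whose centroid is nearest to the trace's spectrum."""
    feat = spectrum(trace)
    return min(centroids, key=lambda c: sum((a - b) ** 2
                                            for a, b in zip(feat, centroids[c])))

def evaluate(seed=1, per_class=25):
    """Return (accuracy, benign traces wrongly flagged) on fresh traces."""
    rng = random.Random(seed)
    centroids = train(rng)
    hits = false_pos = 0
    for label in SIGNATURE_BINS:
        for _ in range(per_class):
            guess = classify(centroids, synth_trace(label, rng))
            hits += guess == label
            false_pos += label == "benign" and guess != "benign"
    return hits / (len(SIGNATURE_BINS) * per_class), false_pos
```

Calling `evaluate()` returns the accuracy on held-out synthetic traces together with the number of benign traces wrongly flagged, the false-positive figure the training step is meant to drive down.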
This research is still in its early stages and this technology will not be widely available to the public anytime soon. However, the potential for good is clear: malware creators will undoubtedly find it difficult, if not impossible, to completely hide the electromagnetic footprints left by their programs.
We see a future in which this technology will be used to maintain antivirus databases and allow programs like Malwarebytes and Windows Defender to stay one step ahead and better protect their users. Anyway, that would be ideal – malware creators are very cunning, so maybe in the future they will find a way to bypass this detection system.