DARPA funds IoT malware detection project

From NextGov:

The Defense Advanced Research Projects Agency is funding research that may allow future users to wirelessly monitor internet of things devices for malicious software.

The technique measures devices’ thermal outputs. The logic is that semiconductors, capacitors and other components of owned devices – those that have malware installed or have been hacked – emit different electromagnetic signals than devices in normal operation.

The Computational Activity Monitoring by Externally Leveraging Involuntary Analog Signals, or CAMELIA, project team, composed of members from the Georgia Institute of Technology and Northrop Grumman, believes those “unintended side-channel emissions” can be remotely measured and used to tell whether IoT devices are infected.

This type of research could be important given most IoT devices don’t have the capacity to run malware protection and the fact that they may tally some 38 billion by 2020.


“We will be looking at how the program is changing its behavior,” said Alenka Zajic, the project’s principal investigator and an assistant professor in the School of Electrical and Computer Engineering at the Georgia Institute of Technology, in a blog post. “If an internet of things device is attacked, the insertion of malware will affect the program that is running, and we can detect that remotely.”  

DARPA awarded CAMELIA a $9.4 million grant as part of a broader DARPA program called Leveraging the Analog Domain for Security, which includes five other initiatives that address security in the internet of things.

As Zajic explained, the system outlined in the CAMELIA project will compile a before and after recording of each combination of IoT device and software – things like automated heating and cooling sensors – to create a database. To avoid an overwhelming amount of data, they’ll take “periodic samples” of …
