Poster: Obfuscation Revealed - Using Electromagnetic Emanation to Identify and Classify Malware<bold> </bold>

In this poster we present a novel approach of using side channel information to identify the kinds of malware threats that are targeting IoT devices. Although in the presence of obfuscation techniques that can prevent static or symbolic binary analysis, a malware researcher may obtain detailed information about malware type and identification using our method by leveraging side channel by electromagnetism rather than software-layer malware analysis. By capturing 100,000 measurement traces from an IoT system infected with different malware samples, we can obtain this information without altering the actual hardware. As a result, it can be implemented without any overhead, regardless of the resources available. Furthermore, our method has the advantage of non-trivial for malware authors to avoid. We were able to distinguish malware families based on side-channel knowledge without being able to see what exact hardware was involved. We were able to predict three generic malware forms (and one benign class) with a 99.89% percent accuracy in our tests. Furthermore, our results show that we are able to classify altered malware samples with unseen obfuscation techniques during the training phase, and to determine what kind of obfuscations, which makes our approach particularly useful for malware analysts.<bold> </bold>