Please use this identifier to cite or link to this item: https://dl.ucsc.cmb.ac.lk/jspui/handle/123456789/4935
Title: Fileless Malware Detection using Electromagnetic Side-Channel Analysis
Authors: Welagedara, A.W.Y.N.
Issue Date: 29-Jun-2025
Abstract: Malware is a broad category of software that performs harmful activities in a computer system. Malware authors use different strategies to create malware. Fileless malware is a modern malware type that can evade most traditional malware detectors. Therefore, new alternative technologies can be used to detect these malware types. Electromagnetic side-channel analysis can capture electromagnetic leakage from a computer processor. This leaked data is correlated with the instructions running in the system. The main goal of this research project is to explore and determine the applicability of electromagnetic side-channel analysis to detecting fileless malware. This research introduces the optimum approach for detecting fileless malware, using a hardware setup to capture data and machine learning models to determine whether the observed signal was taken while the CPU executed a benign or a malicious process. Machine learning models such as Support Vector Machine, Convolutional Neural Network, Multi Layer Perceptron, and Random Forest are trained to evaluate and find the best model for malware detection. The real-world application of this malware detection approach is also discussed. This research work can determine to what extent fileless malware can be detected using electromagnetic side-channel analysis. This research also explores the methodology that can improve the reliability of fileless malware detection. As a result of this research work, a reliable hardware setup is introduced alongside data preprocessing techniques, and the Support Vector Machine model achieved a high accuracy of 95% with binary classification. All models are trained with 509 signal data samples. Each model is tested with signal data samples collected while running multiple processes on the CPU. SVM was able to achieve only 67% accuracy.
URI: https://dl.ucsc.cmb.ac.lk/jspui/handle/123456789/4935
Appears in Collections: 2025

Files in This Item:
File: 20002051 - Yasiru Nimantha.pdf
Size: 3.56 MB
Format: Adobe PDF


Items in UCSC Digital Library are protected by copyright, with all rights reserved, unless otherwise indicated.