      Is Open Access

      Malware Detection on General-Purpose Computers Using Power Consumption Monitoring: A Proof of Concept and Case Study

      Preprint


          Abstract

          Malware detection is challenging when faced with automatically generated and polymorphic malware, as well as with rootkits, which are exceptionally hard to detect. In an attempt to contribute towards addressing these challenges, we conducted a proof of concept study that explored the use of power consumption for detection of malware presence in a general-purpose computer. The results of our experiments indicate that malware indeed leaves a signal on the power consumption of a general-purpose computer. Specifically, for the case study based on two different rootkits, the data collected at the +12V rails on the motherboard showed the most noticeable increment of the power consumption after the computer was infected. Our future work includes experimenting with more malware examples and workloads, and developing a data analytics approach for automatic malware detection based on power consumption.

          Most cited references (3)

          Is Open Access

          Power Consumption Based Android Malware Detection

          In order to solve the problem that Android platform’s sand-box mechanism prevents security protection software from accessing effective information to detect malware, this paper proposes a malicious software detection method based on power consumption. Firstly, the mobile battery consumption status information was obtained, and the Gaussian mixture model (GMM) was built by using Mel frequency cepstral coefficients (MFCC). Then, the GMM was used to analyze power consumption; malicious software can be classified and detected through classification processing. Experiment results demonstrate that the function of an application and its power consumption have a close relationship, and our method can detect some typical malicious application software accurately.

            Mobile Malware Detection Based on Energy Fingerprints — A Dead End?


              Similarity Measure for Obfuscated Malware Analysis


                Author and article information

                Journal
                2017-05-04
                Article
                1705.01977
                8fc0ec9e-f477-479d-9649-70d61e728f85

                http://arxiv.org/licenses/nonexclusive-distrib/1.0/

                Custom metadata
                cs.CR

                Security & Cryptology
