CR · May 4, 2017

Malware Detection on General-Purpose Computers Using Power Consumption Monitoring: A Proof of Concept and Case Study

arXiv:1705.01977v1 · 10 citations
Originality: Synthesis-oriented
AI Analysis

This paper addresses malware detection challenges in computer security, but it is incremental: a proof of concept with limited scope.

The study tackled malware detection by exploring power consumption monitoring on general-purpose computers, finding that malware, specifically two rootkits, increased power consumption, with the +12V rails showing the most noticeable increment.

Malware detection is challenging when faced with automatically generated and polymorphic malware, as well as with rootkits, which are exceptionally hard to detect. In an attempt to contribute towards addressing these challenges, we conducted a proof-of-concept study that explored the use of power consumption for detection of malware presence in a general-purpose computer. The results of our experiments indicate that malware indeed leaves a signal on the power consumption of a general-purpose computer. Specifically, for the case study based on two different rootkits, the data collected at the +12V rails on the motherboard showed the most noticeable increment of the power consumption after the computer was infected. Our future work includes experimenting with more malware examples and workloads, and developing a data analytics approach for automatic malware detection based on power consumption.
