Towards a Malware Detection Framework Based on Power Consumption Monitoring

As our personal, organizational, and critical infrastructure are increasingly dependent on networked computing assets, malicious software —malware—is one of the most serious national security threats. Common malware detection practices are proving insufficient, and the task poses significant challenges when faced with automatically generated and polymorphic malware, as well as rootkits, which are exceptionally hard to detect. To address these challenges, we propose an approach that uses an unavoidable consequence of malware—consumption of electrical power. The objective of this research is to determine whether malware generates a detectable signal in the power consumption of a general-purpose computer. Using unsupervised methods to analyze CPU and motherboard power data, we exhibit 87.5% true-positive, 0% false positive, 33.3% false-negative, and 100% true-negative rates when detecting the Alureon rootkit.