Power detection could point to malicious code

Virus detection could be improved with technology developed by a US startup, detecting tiny increases in power consumption to reveal the presence of malicious code.

With the growing sophistication of threats, there is scepticism over whether conventional antivirus protections will provide adequate defence in the future.  

For many years, much of the detection of virus and other malicious code has been achieved by a signature based approach. This has meant identifying code using software and automatically attacking it, an approach which has been largely effective.

However, there is an increasing feeling that such methods are not strong enough to deal with evolving threats. The Flame attack earlier this year highlighted the ease with which malware operators can circumvent systems, and the cost to businesses can be huge.

The startup, Power Fingerprinting, with its roots in US university Virginia Tech, is developing a new approach to threat detection, checking the power consumption to reveal any unwanted presences.

According to TechnologyReview, the antivirus system makes a detailed analysis of a processor’s power consumption, detecting any additional power draw that would point to malicious code being present.

This power fingerprinting method has demonstrated a 93 percent detect rate for single malicious instruction changes, improving to 99.9 percent for multiple changes, and has been shown to be effective on Android devices.

Although the technology may not alert which type of malware was present in the way that an antivirus scanner would, such a system would have benefits where conventional antivirus protection had failed to become aware of a threat at all.

With the increasing reliance on IT in a range of infrastructure, and a large increase in the number and sophistication of threats, the power detection tool could help stay one step ahead of attackers.