Heartbeat: Detecting Malware by Periodic Power Signal Injection and Monitoring

Research output: Book/ReportCommissioned report

Abstract

Rootkits and other stealthy malware attempt to conceal their presence on a computer by making changes to the host computer’s operating environment. ORNL’s Heartbeat technology detects these changes, and thus the malware itself. Heartbeat operates by directly monitoring the DC power consumption of the computer while a set of operations, the “heartbeat,” is executed periodically. These operations exercise parts of the operating system that are common targets of malware tampering. The power consumption during these heartbeat events is monitored and then compared to a previously learned baseline, with any significant deviation detected and analyzed. This technology has been tested and validated in a laboratory environment, and ORNL is currently seeking a deployment partner to allow for further in-context development and testing of this technology.
Original languageEnglish
Place of PublicationUnited States
DOIs
StatePublished - 2022

Keywords

  • 97 MATHEMATICS AND COMPUTING

Fingerprint

Dive into the research topics of 'Heartbeat: Detecting Malware by Periodic Power Signal Injection and Monitoring'. Together they form a unique fingerprint.

Cite this