Oracle Corporation
Using EMI fingerprints to detect malicious cryptomining software

Abstract:

The disclosed embodiments provide a system that detects execution of malicious cryptomining software in a target computing system. During operation, the system monitors target electromagnetic interference (EMI) signals generated during operation of the target computing system. Next, the system generates a target EMI fingerprint from the target EMI signals. The system then compares the target EMI fingerprint against a set of malicious EMI fingerprints for different pieces of malicious cryptomining software to determine whether the target computing system is executing malicious cryptomining software.