Heartbeat: Detecting Malware by Periodic Power Signal Injection and Monitoring...

by Stacy J Prowell, Joel A Dawson, Ali Passian
Publication Type: ORNL Report
Rootkits and other stealthy malware attempt to conceal their presence on a computer by making changes to the host computer’s operating environment. ORNL’s Heartbeat technology detects these changes, and thus the malware itself. Heartbeat operates by directly monitoring the DC power consumption of the computer while a set of operations, the “heartbeat,” is executed periodically. These operations exercise parts of the operating system that are common targets of malware tampering. The power consumption during these heartbeat events is monitored and then compared to a previously learned baseline, with any significant deviation detected and analyzed. This technology has been tested and validated in a laboratory environment, and ORNL is currently seeking a deployment partner to allow for further in-context development and testing of this technology.
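The baseline comparison described above, sketched as an added example that is not ORNL's implementation: the report summary does not state how traces are compared, so the per-sample z-score statistic, the 1.5x margin, and the synthetic 100-sample power trace are all assumptions made for illustration.

```python
import math
import random

def learn_baseline(traces):
    """Per-sample mean and standard deviation of clean heartbeat power traces."""
    n = len(traces)
    mean = [sum(col) / n for col in zip(*traces)]
    std = [math.sqrt(sum((x - m) ** 2 for x in col) / (n - 1))
           for col, m in zip(zip(*traces), mean)]
    return mean, std

def deviation_score(trace, baseline, floor=1e-3):
    """RMS of per-sample z-scores; close to 1 for a trace matching the baseline."""
    mean, std = baseline
    if len(trace) != len(mean):
        raise ValueError("trace length differs from baseline")
    z2 = [((x - m) / max(s, floor)) ** 2 for x, m, s in zip(trace, mean, std)]
    return math.sqrt(sum(z2) / len(z2))

def calibrate_threshold(holdout, baseline, margin=1.5):
    """Alarm level: margin times the worst score among held-out clean traces."""
    return margin * max(deviation_score(t, baseline) for t in holdout)

def synthetic_trace(rng, extra_watts=0.0):
    """Constructed trace: 10 W idle, 12 W while the heartbeat operations run."""
    trace = []
    for i in range(100):
        watts = 12.0 if 30 <= i < 70 else 10.0
        if 40 <= i < 60:
            watts += extra_watts  # constructed stand-in for a changed code path
        trace.append(watts + rng.gauss(0.0, 0.05))
    return trace

def demo(seed=1):
    """Learn on 20 clean traces, calibrate on 10 more, score two new traces."""
    rng = random.Random(seed)
    baseline = learn_baseline([synthetic_trace(rng) for _ in range(20)])
    threshold = calibrate_threshold(
        [synthetic_trace(rng) for _ in range(10)], baseline)
    clean = deviation_score(synthetic_trace(rng), baseline)
    changed = deviation_score(synthetic_trace(rng, extra_watts=0.5), baseline)
    return threshold, clean, changed

if __name__ == "__main__":
    threshold, clean, changed = demo()
    print(f"threshold={threshold:.2f} clean={clean:.2f} changed={changed:.2f}")
    print("deviation detected" if changed > threshold else "within baseline")
```

Calibrating the threshold on held-out clean traces, rather than on the traces used to learn the baseline, keeps the alarm level from being biased low by in-sample scores.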