Malware Detection Using Electromagnetic Side-Channel Analysis
[Technical Report, Master's Thesis]
AIR FORCE INSTITUTE OF TECHNOLOGY WRIGHT-PATTERSON AFB OH
Many physical systems control or monitor important applications without the capacity to monitor for malware using on-device resources. It is therefore valuable to explore malware detection methods for these systems that use external or off-device resources. This research investigates the viability of employing electromagnetic side-channel analysis (EM SCA) to determine whether a performed operation is normal or malicious. A Raspberry Pi 3 was set up as a simulated motor controller with code paths for a normal and a malicious operation. While the normal path only calculated the motor speed before updating the motor, the malicious path added a line of code to modify the calculated speed. A script from a control terminal then sent a signal to the Pi to have it conduct either the normal or the malicious operation while an EM probe collected emission traces of those operations. These traces were split into training and testing data sets, with the training set used to train an SVC model. Afterwards, the model was run on the testing set and achieved 96% classification accuracy in classifying each trace as either normal or anomalous.
- Military Operations, Strategy and Tactics
- Computer Systems
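
Added example, not code from the thesis: a sketch of the pipeline the abstract describes (collect traces, split into training and testing sets, train a classifier, score it), run on constructed traces rather than real EM captures. It assumes a linear SVM trained with Pegasos sub-gradient descent in place of the report's SVC model; all function names, window sizes and burst amplitudes are hypothetical.

```python
import random
WIN, N_WIN = 8, 8   # assumed: each constructed trace is 8 windows of 8 samples

def make_trace(malicious, rng):
    """Constructed trace: noise plus a burst both paths share (speed calculation)."""
    t = [rng.gauss(0.0, 1.0) for _ in range(WIN * N_WIN)]
    for b in ([2, 5] if malicious else [2]):   # window 5: the extra "modify speed" line
        for i in range(b * WIN, (b + 1) * WIN):
            t[i] += 3.0 * (-1) ** i
    return t

def features(trace):  # signal energy in each window
    return [sum(v * v for v in trace[k:k + WIN]) for k in range(0, len(trace), WIN)]

def fit_scaler(X):  # per-feature mean and standard deviation, training set only
    cols = list(zip(*X))
    mu = [sum(c) / len(c) for c in cols]
    sd = [(sum((v - m) ** 2 for v in c) / len(c)) ** 0.5 or 1.0
          for c, m in zip(cols, mu)]
    return mu, sd

def scale(X, mu, sd):  # standardise, then append a constant 1.0 as the bias input
    return [[(v - m) / s for v, m, s in zip(x, mu, sd)] + [1.0] for x in X]

def train_linear_svm(X, y, lam=0.01, steps=6000, seed=1):
    """Pegasos: stochastic sub-gradient descent on the regularised hinge loss."""
    rng, w = random.Random(seed), [0.0] * len(X[0])
    for t in range(1, steps + 1):
        i, eta = rng.randrange(len(X)), 1.0 / (lam * t)
        violated = y[i] * sum(a * b for a, b in zip(w, X[i])) < 1
        w = [(1 - eta * lam) * a for a in w]
        if violated:
            w = [a + eta * y[i] * b for a, b in zip(w, X[i])]
    return w

def run(n_per_class=200, seed=7):
    """Generate labelled traces, split 75/25, train, return (test accuracy, weights)."""
    rng = random.Random(seed)
    data = [(features(make_trace(m, rng)), 1 if m else -1)
            for m in [False, True] * n_per_class]
    rng.shuffle(data)
    cut = len(data) * 3 // 4
    (Xtr, ytr), (Xte, yte) = (list(zip(*p)) for p in (data[:cut], data[cut:]))
    mu, sd = fit_scaler(Xtr)
    w = train_linear_svm(scale(Xtr, mu, sd), ytr)
    hits = sum((sum(a * b for a, b in zip(w, x)) > 0) == (lab > 0)
               for x, lab in zip(scale(Xte, mu, sd), yte))
    return hits / len(yte), w
```

Calling `run()` returns the held-out accuracy and the learned weights; the weight at index 5 corresponds to the window where only the malicious path emits, so its sign and size show which part of the trace the classifier relies on.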