Accession Number:

AD1166829

Title:

Malware Detection Using Electromagnetic Side-Channel Analysis

Descriptive Note:

[Technical Report, Master's Thesis]

Corporate Author:

AIR FORCE INSTITUTE OF TECHNOLOGY WRIGHT-PATTERSON AFB OH

Personal Author(s):

• Bergstedt , Matthew A.

Report Date:

2022-03-01

Pagination or Media Count:

89

Abstract:

Many physical systems control or monitor important applications without the capacity to monitor for malware using on-device resources. Thus, it becomes valuable to explore malware detection methods for these systems utilizing external or off-device resources. This research investigates the viability of employing EM SCA to determine whether a performed operation is normal or malicious. A Raspberry Pi 3 was set up as a simulated motor controller with code paths for a normal or malicious operation. While the normal path only calculated the motor speed before updating the motor, the malicious path added a line of code to modify the calculated speed. A script from a control terminal then sent a signal to the Pi to have it conduct either the normal or malicious operation while an EM probe was set up to collect emission traces of those operations. These traces were split into training and testing data sets, with the training set used to train a SVC model. Afterwards, the model was run on the testing set and achieved 96 classification accuracy for classifying the trace as either normal or anomalous.

Descriptors:

• supervised machine learning
• change detection
• machine learning
• air force
• control systems
• anomaly detection
• information science
• computer programming
• network science
• statistical analysis
• artificial intelligence
• computers
• computer science
• detection
• operating systems
• accuracy
• computational science

Subject Categories:

• Military Operations, Strategy and Tactics
• Computer Systems

Distribution Statement:

[A, Approved For Public Release]