Behavior Recognition and Anomaly Detection Utilizing Memory Electromagnetic Emanation

Published: 2024, Last Modified: 09 Feb 2026. MILCOM 2024. CC BY-SA 4.0
Abstract: Electronic information systems inherently emit Compromising Emanations (CE) during information processing and transmission activities. Such emissions become potential vectors for information leakage, exacerbated by malware and side-channel attacks that amplify CE or manipulate devices to produce specific electromagnetic outputs. Notably, the malware "AIR-FI" generates precise electromagnetic emissions by manipulating computer memory operations, facilitating the clandestine exfiltration of critical data. When the attack was detected, it was found that the spectrum of memory radiation signals in the controlled state was similar to the spectrum of memory radiation signals in the normal state. Consequently, it is advisable to employ long-term monitoring in conjunction with behavioral recognition techniques for the effective detection of such attacks. We propose a novel methodology for distinguishing between normal and anomalous memory behaviors, leveraging Joint Skewness and Kurtosis Index Features (JSKF) alongside statistical attributes. Our empirical validation, conducted across six computer memory units under four distinct conditions, underscores the efficacy and applicability of our approach. This research significantly contributes to the realm of covert attack detection on computer memory, highlighting the critical need for advanced diagnostic tools in cyber security.