MAD: One-Shot Machine Activity Detector for Physics-Based Cyber Security

Published: 01 Jan 2023, Last Modified: 06 Aug 2024, QRS 2023, CC BY-SA 4.0
Abstract: Side-channel analysis offers several advantages over traditional machine monitoring methods. Its low intrusiveness, independence from the host, data reliability and difficulty of bypassing are compelling arguments for using involuntary emissions as input for enforcing security policies. However, side-channel information often comes in the form of unlabeled time series of a proxy variable of the activity. Enabling the definition and enforcement of high-level security policies requires extracting the state or activity of the system from the input data. In this paper, we present a novel one-shot time series pattern locator and classifier called Machine Activity Detector (MAD), specifically designed and evaluated for side-channel analysis. We evaluate MAD in two case studies on a variety of machines and datasets, where it outperforms other traditional state detection solutions and presents formidable performance for security rule enforcement. Results of state detection with MAD enable the definition and verification of high-level security rules to detect various attacks without any interaction with the monitored machine.