Kurt A. Vedros, Georgios Michail Makrakis, C. Kolias, Robert C. Ivans, C. Rieger
{"title":"基于合成电磁指纹的嵌入式设备可扩展异常检测研究","authors":"Kurt A. Vedros, Georgios Michail Makrakis, C. Kolias, Robert C. Ivans, C. Rieger","doi":"10.5121/csit.2023.130507","DOIUrl":null,"url":null,"abstract":"Embedded devices are omnipresent in modern networks, including those facilitating missioncritical applications. However, due to their constrained nature, novel mechanisms are required to provide external, and non-intrusive defenses. Among such approaches, one that has gained traction is based on analyzing the emanated electromagnetic (EM) signals. Unfortunately, one of the most neglected challenges of this approach is the manual gathering and fingerprinting of the corresponding EM signals. Indeed, even simple programs are comprised of numerous branches, making the fingerprinting stage extremely timeconsuming, and requiring the manual labor of an expert. To address this issue, we propose a framework for generating synthetic EM signals directly from machine code. These subsequent signals can be used to train an anomaly detection system. The advantage of this approach is that it completely removes the need for an elaborate and error-prone fingerprinting stage, thus, increasing the scalability of the protection mechanisms. The experimental evaluations indicate that our method provides above 90% detection accuracy against code injection attacks. Moreover, the proposed methodology inflicts only -1.3% penalty in accuracy for detecting injections of as little as four malicious instructions when compared to the same methods of training on real signals.","PeriodicalId":261978,"journal":{"name":"Computer Science, Engineering and Applications","volume":"15 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2023-03-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Towards Scalable Anomaly Detection for Embedded Devices through Synthetic EM Fingerprinting\",\"authors\":\"Kurt A. Vedros, Georgios Michail Makrakis, C. Kolias, Robert C. Ivans, C. Rieger\",\"doi\":\"10.5121/csit.2023.130507\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Embedded devices are omnipresent in modern networks, including those facilitating missioncritical applications. However, due to their constrained nature, novel mechanisms are required to provide external, and non-intrusive defenses. Among such approaches, one that has gained traction is based on analyzing the emanated electromagnetic (EM) signals. Unfortunately, one of the most neglected challenges of this approach is the manual gathering and fingerprinting of the corresponding EM signals. Indeed, even simple programs are comprised of numerous branches, making the fingerprinting stage extremely timeconsuming, and requiring the manual labor of an expert. To address this issue, we propose a framework for generating synthetic EM signals directly from machine code. These subsequent signals can be used to train an anomaly detection system. The advantage of this approach is that it completely removes the need for an elaborate and error-prone fingerprinting stage, thus, increasing the scalability of the protection mechanisms. The experimental evaluations indicate that our method provides above 90% detection accuracy against code injection attacks. Moreover, the proposed methodology inflicts only -1.3% penalty in accuracy for detecting injections of as little as four malicious instructions when compared to the same methods of training on real signals.\",\"PeriodicalId\":261978,\"journal\":{\"name\":\"Computer Science, Engineering and Applications\",\"volume\":\"15 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2023-03-18\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Computer Science, Engineering and Applications\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.5121/csit.2023.130507\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Computer Science, Engineering and Applications","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.5121/csit.2023.130507","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Towards Scalable Anomaly Detection for Embedded Devices through Synthetic EM Fingerprinting
Embedded devices are omnipresent in modern networks, including those facilitating missioncritical applications. However, due to their constrained nature, novel mechanisms are required to provide external, and non-intrusive defenses. Among such approaches, one that has gained traction is based on analyzing the emanated electromagnetic (EM) signals. Unfortunately, one of the most neglected challenges of this approach is the manual gathering and fingerprinting of the corresponding EM signals. Indeed, even simple programs are comprised of numerous branches, making the fingerprinting stage extremely timeconsuming, and requiring the manual labor of an expert. To address this issue, we propose a framework for generating synthetic EM signals directly from machine code. These subsequent signals can be used to train an anomaly detection system. The advantage of this approach is that it completely removes the need for an elaborate and error-prone fingerprinting stage, thus, increasing the scalability of the protection mechanisms. The experimental evaluations indicate that our method provides above 90% detection accuracy against code injection attacks. Moreover, the proposed methodology inflicts only -1.3% penalty in accuracy for detecting injections of as little as four malicious instructions when compared to the same methods of training on real signals.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
