Malware Detection Using Electromagnetic Side-Channel Analysis

Author

Matthew A. Bergstedt

Date of Award

3-2022

Document Type

Thesis

Degree Name

Master of Science

Department

Department of Electrical and Computer Engineering

First Advisor

James W. Dean, PhD

Abstract

Many physical systems control or monitor important applications without the capacity to monitor for malware using on-device resources. Thus, it becomes valuable to explore malware detection methods for these systems utilizing external or off-device resources. This research investigates the viability of employing EM SCA to determine whether a performed operation is normal or malicious. A Raspberry Pi 3 was set up as a simulated motor controller with code paths for a normal or malicious operation. While the normal path only calculated the motor speed before updating the motor, the malicious path added a line of code to modify the calculated speed. A script from a control terminal then sent a signal to the Pi to have it conduct either the normal or malicious operation while an EM probe was set up to collect emission traces of those operations. These traces were split into training and testing data sets, with the training set used to train a SVC model. Afterwards, the model was run on the testing set and achieved 96% classification accuracy for classifying the trace as either normal or anomalous.

AFIT Designator

AFIT-ENG-MS-22-M-008

DTIC Accession Number

AD1166829

Recommended Citation

Bergstedt, Matthew A., "Malware Detection Using Electromagnetic Side-Channel Analysis" (2022). Theses and Dissertations. 5316.
https://scholar.afit.edu/etd/5316