Detecting Software Attacks by Monitoring Electric Power Consumption Patterns

Inventor

Grant A. Jacoby
Nathaniel J. Davis IV, Air Force Institute of Technology
Randolph C. Marchany

Abstract

Software attacks such as worms and viruses are detected in an electronic device by monitoring power consumption patterns. In a first embodiment, software attacks are detected by an increase in power consumption. The increased power consumption can be caused by increased network traffic, or by increased activity in the microprocessor. Monitoring power consumption is particularly effective for detecting DOS/flooding attacks when the electronic device is in an idle state. In a second embodiment, a power consumption signal is converted to the frequency domain (e.g., by fast Fourier transform). The highest amplitude frequencies are identified. Specific software attacks produce characteristic frequencies in the power consumption signal. Software attacks are therefore detected by matching the highest amplitude frequencies with frequencies associated with specific worms and viruses. Identification of a particular software attack typically requires matching of 3 or more of the highest amplitude frequencies, and, optionally, amplitude information.

Document Type

Patent

Status

Issued

Issue Date

1-25-2011

Patent Number

US 7877621 [ 7,877,621 ] ; US7877621B2

CPC Classification

G 06 F 11/3062

Application number

11/574619

Assignees

The United States of America as represented by the Secretary of the Army

Filing Date

6-24-2005

Recommended Citation

Jacoby, G. A. (2011). Detecting Software Attacks by Monitoring Electric Power Consumption Patterns (United States Patent No. US7877621B2). https://scholar.afit.edu/patents/84