We present results showing that software programs which are not part of the training set can be characterized into broad classes using involuntary RF side channels. This extends previous work on program identification through analog side channels, which focused on identifying the specific program out of the training set or flagging previously unseen programs as "anomalous." This new approach enables an intrusion detection system to be robust to benign changes such as software updates and eliminates the need for an exhaustive training set which covers all possible device functions and states. We have applied our approach to a variety of devices under test, ranging from microcontrollers to laptop computers, and identified program classes such as processor-bound, signal processing, database access, etc. This approach is particularly applicable for defending devices which lack the computational resources to run traditional cybersecurity solutions, including industrial control systems (ICS) and Internet of Things (IoT) devices.