Detecting air-gapped attacks using machine learning

Abstract GSMem malware can attack a computer that is physically isolated, with no network connection. However, no existing technique has been able to detect GSMem attacks up to now. To address this problem, this paper puts forward a new method based on Machine Learning (ML), using Logistic Regression (LR), Random Forest (RF), Support Vector Machine (SVM), Boosted Tree (BT), Back-Propagation Neural Networks (BPNN) and the Naive Bayes Classifier (NBC). First, we train our models on a large quantity of data consisting of the frequencies and amplitudes of electromagnetic waves. Then, we use the trained models to predict whether or not a GSMem attack is occurring, given a frequency and an amplitude. In short, the GSMem intrusion detection problem, which is still open, is reduced to an ML binary classification problem, which has been solved; the former can therefore be solved in principle in this way. Simulated experiments show that the new method has the potential to detect GSMem attacks with low False Positive Rates (FPR) and low False Negative Rates (FNR).
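The reduction described in the abstract, as an added illustration that is not the paper's code or data: a pure-Python logistic regression trained on constructed (frequency, amplitude) readings and scored by FPR and FNR on a held-out constructed set. The GSM carrier frequency, the scanned band limits and the amplitude ranges are assumed values chosen for the illustration.

```python
import math
import random

GSM_CENTER_MHZ = 900.0  # assumed carrier of the covert GSM-band emission (illustrative value)

def make_samples(n, seed):
    """Constructed readings, not the paper's data: (frequency MHz, amplitude dBm, label)."""
    rng = random.Random(seed)
    rows = []
    for _ in range(n):
        kind = rng.randrange(3)
        if kind == 0:    # benign background noise anywhere in the scanned band
            rows.append((rng.uniform(100.0, 2000.0), rng.uniform(-100.0, -88.0), 0))
        elif kind == 1:  # benign strong emitter well away from the GSM band
            f = rng.uniform(100.0, 400.0) if rng.random() < 0.5 else rng.uniform(1400.0, 2000.0)
            rows.append((f, rng.uniform(-66.0, -54.0), 0))
        else:            # GSMem-style emission: strong and inside the GSM band
            rows.append((GSM_CENTER_MHZ + rng.uniform(-15.0, 15.0), rng.uniform(-64.0, -54.0), 1))
    return rows

def features(freq_mhz, amp_dbm):
    """Two scaled features: distance from the GSM carrier, and amplitude."""
    return (abs(freq_mhz - GSM_CENTER_MHZ) / 1000.0, (amp_dbm + 80.0) / 20.0)

def sigmoid(z):
    return 1.0 / (1.0 + math.exp(-z))

def train_logistic(rows, epochs=4000, lr=2.0):
    """Full-batch gradient descent on the logistic loss; returns (w_dist, w_amp, bias)."""
    data, n = [(features(f, a), y) for f, a, y in rows], len(rows)
    w0 = w1 = b = 0.0
    for _ in range(epochs):
        g0 = g1 = gb = 0.0
        for (x0, x1), y in data:
            err = sigmoid(w0 * x0 + w1 * x1 + b) - y   # d(loss)/dz for one sample
            g0 += err * x0
            g1 += err * x1
            gb += err
        w0, w1, b = w0 - lr * g0 / n, w1 - lr * g1 / n, b - lr * gb / n
    return w0, w1, b

def predict(model, freq_mhz, amp_dbm):
    """1 = GSMem attack suspected, 0 = benign reading."""
    w0, w1, b = model
    x0, x1 = features(freq_mhz, amp_dbm)
    return 1 if sigmoid(w0 * x0 + w1 * x1 + b) >= 0.5 else 0

def error_rates(model, rows):
    """False positive rate and false negative rate of the model on labelled rows."""
    pos = [r for r in rows if r[2] == 1]
    neg = [r for r in rows if r[2] == 0]
    fn = sum(1 for f, a, _ in pos if predict(model, f, a) == 0)
    fp = sum(1 for f, a, _ in neg if predict(model, f, a) == 1)
    return fp / len(neg), fn / len(pos)
```

Training on `make_samples(300, 1)` and scoring on `make_samples(300, 2)` keeps both rates near zero on this constructed data; a strong emitter outside the GSM band is rejected because the model uses the frequency distance together with the amplitude.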
