CONFERENCE PROCEEDINGS
Advanced Search >
Home > Proceedings > Volume 10630 > Article
Translator Disclaimer
Paper
15 May 2018 CASPER: an efficient approach to detect anomalous code execution from unintended electronic device emissions
Hira Agrawal, Ray Chen, Jeffrey K. Hollingsworth, Christine Hung, Rauf Izmailov, John Koshy, Joe Liberti, Chris Mesterharm, Josh Morman, Thimios Panagos, Marc Pucci, Işil Sebüktekin, Scott Alexander, Simon Tsang
Author Affiliations +
Proceedings Volume 10630, Cyber Sensing 2018; 106300V (2018) https://doi.org/10.1117/12.2500234
Event: SPIE Defense + Security, 2018, Orlando, Florida, United States
Abstract
The CASPER system offers a lightweight, multi-disciplinary approach to detect the execution of anomalous code by monitoring the unintended electronic device emissions. Using commodity hardware and a combination of novel signal processing, machine learning, and program analysis techniques, we have demonstrated the ability to detect unknown code running on a device placed 12” from the CASPER system by analyzing the devices RF emissions. Our innovations for the sensors subsystem include multi-antenna processing algorithms which allow us to extend range and extract signal features in the presence of background noise and interference encountered in realistic training and monitoring environments. In addition, robust feature estimation methods have been developed that allow detection of device operating conditions in the presence of varying clock frequency and other aspects that may change from device to device or from training to monitoring. Furthermore, a band-scan technique has been implemented to automatically identify suitable frequency bands for monitoring based on a set of metrics including received power, expected spectral feature content (based on loop length and clock frequency), kurtosis, and mode clustering. CASPER also includes an auto-labeling feature that is used to discover the signal processing features that provide the greatest information for detection without human intervention. The system additionally includes a framework for anomaly detection engines, currently populated with three engines based on n-grams, statistical frequency, and control flow. As we will describe, the combination of these engines reduces the ways in which an attacker can adapt in an attempt to hide from CASPER. We will describe the CASPER concept, components and technologies used, a summary of results to-date, and plans for further development. CASPER is an ongoing research project funded under the DARPA LADS program.
© (2018) COPYRIGHT Society of Photo-Optical Instrumentation Engineers (SPIE). Downloading of the abstract is permitted for personal use only.
Citation Download Citation
Hira Agrawal, Ray Chen, Jeffrey K. Hollingsworth, Christine Hung, Rauf Izmailov, John Koshy, Joe Liberti, Chris Mesterharm, Josh Morman, Thimios Panagos, Marc Pucci, Işil Sebüktekin, Scott Alexander, and Simon Tsang "CASPER: an efficient approach to detect anomalous code execution from unintended electronic device emissions", Proc. SPIE 10630, Cyber Sensing 2018, 106300V (15 May 2018); https://doi.org/10.1117/12.2500234
ACCESS THE FULL ARTICLE
PERSONAL SIGN IN
Full access may be available with your subscription
Forgot your username?
Forgot your password?
No SPIE account? Create an account
Institutional Access:
Sign in with your institutional credentials
PURCHASE THIS CONTENT
INTERESTED IN A FREE CORPORATE TRIAL?
SUBSCRIBE TO DIGITAL LIBRARY
50 downloads per 1-year subscription
Members: $195
Non-members: $335 ADD TO CART
25 downloads per 1 - year subscription
Members: $145
Non-members: $250 ADD TO CART
PURCHASE SINGLE ARTICLE
Includes PDF, HTML & Video, when available
Members: $17.00
Non-members: $21.00 ADD TO CART
PROCEEDINGS
 20 PAGES
DOWNLOAD PAPER SAVE TO MY LIBRARY
SHARE
GET CITATION
< Previous Article
|
Advertisement
Advertisement
KEYWORDS
RELATED CONTENT
Subscribe to Digital Library
Receive Erratum Email Alert
Back to Top