Hardware-Based Intrusion Detection Using Thermal Side-Channels

Threats posed by malware have thrust cybersecurity to the forefront of system design considerations. Domain-specific constraints prohibit many devices from supporting traditional host-based protections, which themselves can be subverted by advanced malware. This research proposes a platform agnostic anomaly-based intrusion detection system (ADS) that operates outside of malware’s sphere of influence. The ADS resides on-chip and collects thermal side-channels via device-level sensors implemented alongside an embedded processor. Changes in this side-channel correlate to global system behavior, providing an unsubvertible intrusion detection source. We investigate the efficacy of this approach by evaluating the accuracy of traditional classification algorithms for datasets collected from benign and infected Linux environments on the target device. We then explore an additional use case for this side-channel called divergence detection. Our experimental methodology seeks to determine to what extent are device-level thermal side channels effective as an intrusion detection source for constrained systems? (Published abstract provided)