Translator Disclaimer
15 May 2018 CASPER: an efficient approach to detect anomalous code execution from unintended electronic device emissions
Author Affiliations +
The CASPER system offers a lightweight, multi-disciplinary approach to detect the execution of anomalous code by monitoring the unintended electronic device emissions. Using commodity hardware and a combination of novel signal processing, machine learning, and program analysis techniques, we have demonstrated the ability to detect unknown code running on a device placed 12” from the CASPER system by analyzing the devices RF emissions. Our innovations for the sensors subsystem include multi-antenna processing algorithms which allow us to extend range and extract signal features in the presence of background noise and interference encountered in realistic training and monitoring environments. In addition, robust feature estimation methods have been developed that allow detection of device operating conditions in the presence of varying clock frequency and other aspects that may change from device to device or from training to monitoring. Furthermore, a band-scan technique has been implemented to automatically identify suitable frequency bands for monitoring based on a set of metrics including received power, expected spectral feature content (based on loop length and clock frequency), kurtosis, and mode clustering. CASPER also includes an auto-labeling feature that is used to discover the signal processing features that provide the greatest information for detection without human intervention. The system additionally includes a framework for anomaly detection engines, currently populated with three engines based on n-grams, statistical frequency, and control flow. As we will describe, the combination of these engines reduces the ways in which an attacker can adapt in an attempt to hide from CASPER. We will describe the CASPER concept, components and technologies used, a summary of results to-date, and plans for further development. CASPER is an ongoing research project funded under the DARPA LADS program.
© (2018) COPYRIGHT Society of Photo-Optical Instrumentation Engineers (SPIE). Downloading of the abstract is permitted for personal use only.
Hira Agrawal, Ray Chen, Jeffrey K. Hollingsworth, Christine Hung, Rauf Izmailov, John Koshy, Joe Liberti, Chris Mesterharm, Josh Morman, Thimios Panagos, Marc Pucci, Işil Sebüktekin, Scott Alexander, and Simon Tsang "CASPER: an efficient approach to detect anomalous code execution from unintended electronic device emissions", Proc. SPIE 10630, Cyber Sensing 2018, 106300V (15 May 2018);

Back to Top