Systems, methods, and apparatuses for intrusion detection and analytics using power characteristics such as side-channel information collection

摘要

Some embodiments described herein include a system that collects and learns reference side-channel normal activity, process it to reveal key features, compares subsequent collected data and processed data for anomalous behavior, and reports such behavior to a management center where this information is displayed and predefine actions can be executed when anomalous behavior is observed. In some instances, a physical side channel (e.g. and indirect measure of program execution such as power consumption or electromagnetic emissions and other physical signals) can be used to assess the execution status in a processor or digital circuit using an external monitor and detect, with extreme accuracy, when an unauthorized execution has managed to disrupt the normal operation of a target system (e.g., a computer system, etc.).

主权项

1. An apparatus, comprising:
a probe configured to capture side-channel information relating to an operation status of a target device, the probe in a permanently fixed position relative to the target device during a life span of anomaly detection on the target device; a fixture, configured to fixedly hold the probe such that the probe is in a permanently fixed position relative to the target device; a processor, communicatively coupled to the probe, configured to:
process the side-channel information to extract a first characteristic of the side-channel information,retrieve previously-stored reference side-channel information having a second characteristic and representing a normal activity of the target device,compare the first characteristic with the second characteristic to determine an anomaly of the target device, andsend to a user interface an alert indicative of the anomaly based on the first characteristic and the second characteristic.