IEEE Access (Jan 2024)

Profiling Running Applications in Connected Devices Through Side-Channel and Machine Learning Techniques

  • Vincenzo Rega,
  • Domenico Capriglione,
  • Fabrizio Marignetti,
  • Mario Molinara,
  • Andrea Amodei

DOI
https://doi.org/10.1109/ACCESS.2024.3491916
Journal volume & issue
Vol. 12
pp. 170923 – 170935

Abstract

In the field of cybersecurity, the ability to gather detailed information about target systems is a critical component of the reconnaissance phase of cyber attacks. This phase, known as cybersecurity reconnaissance, involves techniques that adversaries use to collect information vital for the success of subsequent attack stages. Traditionally, reconnaissance activities include network scanning, sniffing, and social engineering, which allow attackers to map the network, identify vulnerabilities, and plan their exploits. In this paper, we explore a novel application of side-channel analysis within system-based reconnaissance. Side-channel attacks, typically used to extract cryptographic keys or sensitive data through indirect observations such as power consumption or electromagnetic emissions, are here repurposed for a different kind of system intrusion. Specifically, we demonstrate how side-channel analysis and machine learning techniques can classify running processes on a target system that are very popular in common IoT applications. This approach is particularly concerning for IoT environments where devices often control critical infrastructure or handle sensitive data. The ability to identify active applications can reveal operation patterns, system behaviors, and potential vulnerabilities that traditional security measures may not protect against. Moreover, in IoT scenarios, this information can be leveraged to orchestrate sophisticated attacks targeting specific services or to exploit timing-based vulnerabilities when certain critical applications are running. By categorizing this approach as a form of local system-based reconnaissance, we highlight its potential to silently gather critical information about a system’s state. Such capabilities represent a significant breach of privacy and provide attackers with the intelligence needed to carry out more targeted and effective attacks. This research also underscores the evolving nature of reconnaissance techniques and the growing risks of advanced side-channel cybersecurity methods.

Keywords