Detecting air-gapped attacks using machine learning.

A GSMem malware can attack a computer connected physically with no network. However, none of the existing techniques can detect GSMem attacks, up to now. To address this problem, this paper puts forward a new method based on Machine Learning (ML), including Logistic Regression (LR), Random Forest (RF), Support Vector Machine (SVM), Boosted Tree (BT), Back-Propagation Neural Networks (BPNN) and Naive Bayes Classifier (NBC). At first, we use a large quantity of data in terms of frequencies and amplitudes of some electromagnetic waves to train our models. And then, we use the obtained models to predict that whether a GSMem attack occurs or not, according to a given frequency and amplitude. In a word, the GSMem intrusion detection problem is induced to a ML binary classification one, while the former problem is pending and the latter one has been solved. As a result, the former problem can be solved in principle in this way. The simulated experiments show that the new method is potential to detect a GSMem attack, with low False Positive Rates (FPR) and low False Negative Rates (FNR). [ABSTRACT FROM AUTHOR]