Related papers: MeMoir: A Software-Driven Covert Channel based on Memory Usage

MeMoir: A Software-Driven Covert Channel based on Memory Usage

URL: http://arxiv.org/abs/2409.13310v1
Date: Fri, 20 Sep 2024 08:10:36 GMT
Title: MeMoir: A Software-Driven Covert Channel based on Memory Usage
Authors: Jeferson Gonzalez-Gomez, Jose Alejandro Ibarra-Campos, Jesus Yamir Sandoval-Morales, Lars Bauer, Jörg Henkel,
Abstract summary: MeMoir is a novel software-driven covert channel that, for the first time, utilizes memory usage as the medium for the channel. We implement a machine learning-based detector that can predict whether an attack is present in the system with an accuracy of more than 95%. We introduce a noise-based countermeasure that effectively mitigates the attack while inducing a low power overhead in the system.
Score: 7.424928818440549
License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
Abstract: Covert channel attacks have been continuously studied as severe threats to modern computing systems. Software-based covert channels are a typically hard-to-detect branch of these attacks, since they leverage virtual resources to establish illegitimate communication between malicious actors. In this work, we present MeMoir: a novel software-driven covert channel that, for the first time, utilizes memory usage as the medium for the channel. We implemented the new covert channel on two real-world platforms with different architectures: a general-purpose Intel x86-64-based desktop computer and an ARM64-based embedded system. Our results show that our new architecture- and hardware-agnostic covert channel is effective and achieves moderate transmission rates with very low error. Moreover, we present a real use-case for our attack where we were able to communicate information from a Hyper-V virtualized enviroment to a Windows 11 host system. In addition, we implement a machine learning-based detector that can predict whether an attack is present in the system with an accuracy of more than 95% with low false positive and false negative rates by monitoring the use of system memory. Finally, we introduce a noise-based countermeasure that effectively mitigates the attack while inducing a low power overhead in the system compared to other normal applications.

Related papers

Amplifying Main Memory-Based Timing Covert and Side Channels using Processing-in-Memory Operations [6.709670986126109]
We show that processing-in-memory (PiM) solutions provide a new way to directly access main memory, which malicious user applications can exploit. We introduce IMPACT, a set of high- throughput main memory-based timing attacks that leverage characteristics of PiM architectures to establish covert and side channels. Our results demonstrate that our covert channels achieve 12.87 Mb/s and 14.16 Mb/s communication throughput, respectively, which is up to 4.91x and 5.41x faster than the state-of-the-art main memory-based covert channels.
arXiv Detail & Related papers (2024-04-17T11:48:14Z)
Efficient and accurate neural field reconstruction using resistive memory [52.68088466453264]
Traditional signal reconstruction methods on digital computers face both software and hardware challenges. We propose a systematic approach with software-hardware co-optimizations for signal reconstruction from sparse inputs. This work advances the AI-driven signal restoration technology and paves the way for future efficient and robust medical AI and 3D vision applications.
arXiv Detail & Related papers (2024-04-15T09:33:09Z)
Exploiting CPU Clock Modulation for Covert Communication Channel [0.3277163122167433]
We unveil a novel covert channel exploiting the duty cycle modulation feature of modern x86 processors. Specifically, we illustrate how two collaborating processes, a sender and a receiver can manipulate this feature to transmit sensitive information surreptitiously. Our live system implementation demonstrates that this covert channel can achieve a data transfer rate of up to 55.24 bits per second.
arXiv Detail & Related papers (2024-04-08T19:23:04Z)
Discovering Malicious Signatures in Software from Structural Interactions [7.06449725392051]
We propose a novel malware detection approach that leverages deep learning, mathematical techniques, and network science. Our approach focuses on static and dynamic analysis and utilizes the Low-Level Virtual Machine (LLVM) to profile applications within a complex network. Our approach marks a substantial improvement in malware detection, providing a notably more accurate and efficient solution.
arXiv Detail & Related papers (2023-12-19T23:42:20Z)
EV-Catcher: High-Speed Object Catching Using Low-latency Event-based Neural Networks [107.62975594230687]
We demonstrate an application where event cameras excel: accurately estimating the impact location of fast-moving objects. We introduce a lightweight event representation called Binary Event History Image (BEHI) to encode event data at low latency. We show that the system is capable of achieving a success rate of 81% in catching balls targeted at different locations, with a velocity of up to 13 m/s even on compute-constrained embedded platforms.
arXiv Detail & Related papers (2023-04-14T15:23:28Z)
Is Semantic Communications Secure? A Tale of Multi-Domain Adversarial Attacks [70.51799606279883]
We introduce test-time adversarial attacks on deep neural networks (DNNs) for semantic communications. We show that it is possible to change the semantics of the transferred information even when the reconstruction loss remains low.
arXiv Detail & Related papers (2022-12-20T17:13:22Z)
Enhancing the Security & Privacy of Wearable Brain-Computer Interfaces [7.972396153788745]
Brain computing interfaces (BCI) are used in a plethora of safety/privacy-critical applications. They are susceptible to a multiplicity of attacks across the hardware, software, and networking stacks used. We introduce Argus, the first information flow control system for wearable BCI applications that mitigates these attacks.
arXiv Detail & Related papers (2022-01-19T16:51:18Z)
Channel-wise Gated Res2Net: Towards Robust Detection of Synthetic Speech Attacks [67.7648985513978]
Existing approaches for anti-spoofing in automatic speaker verification (ASV) still lack generalizability to unseen attacks. We present a novel, channel-wise gated Res2Net (CG-Res2Net), which modifies Res2Net to enable a channel-wise gating mechanism.
arXiv Detail & Related papers (2021-07-19T12:27:40Z)
Adversarial EXEmples: A Survey and Experimental Evaluation of Practical Attacks on Machine Learning for Windows Malware Detection [67.53296659361598]
adversarial EXEmples can bypass machine learning-based detection by perturbing relatively few input bytes. We develop a unifying framework that does not only encompass and generalize previous attacks against machine-learning models, but also includes three novel attacks. These attacks, named Full DOS, Extend and Shift, inject the adversarial payload by respectively manipulating the DOS header, extending it, and shifting the content of the first section.
arXiv Detail & Related papers (2020-08-17T07:16:57Z)
SCNet: A Neural Network for Automated Side-Channel Attack [13.0547560056431]
We propose SCNet, which automatically performs side-channel attacks. We also design this network combining with side-channel domain knowledge and different deep learning model to improve the performance. The proposed model is a useful tool for automatically testing the robustness of computer systems.
arXiv Detail & Related papers (2020-08-02T13:14:12Z)
Firearm Detection and Segmentation Using an Ensemble of Semantic Neural Networks [62.997667081978825]
We present a weapon detection system based on an ensemble of semantic Convolutional Neural Networks. A set of simpler neural networks dedicated to specific tasks requires less computational resources and can be trained in parallel. The overall output of the system given by the aggregation of the outputs of individual networks can be tuned by a user to trade-off false positives and false negatives.
arXiv Detail & Related papers (2020-02-11T13:58:16Z)

This list is automatically generated from the titles and abstracts of the papers in this site.