Malicious Network Activity Detection through Electromagnetic Radiation in Wired Ethernet

Abstract

Abstract Traditional network security measures, while effective in fortifying network infrastructure, face limitations in scenarios where physical interception of network traffic is unfeasible, such as in network forensics investigations or within resource-constrained Internet of Things (IoT) environments. This necessitates the development of noninvasive detection techniques capable of discerning malicious network activities without imposing undue burdens on network resources. In recent years, exploration into Electromagnetic Radiation (EMR) analysis has emerged as a promising avenue for non-invasive monitoring and analysis of network traffic. This research investigates the viability of employing Electromagnetic (EM) side-channel analysis (SCA) to detect malicious network activities in wired Ethernet environments. A hardware setup was devised to simulate an attacker and a victim connected via a Cat 6 cable. Three types of Denial of Service (DoS) attacks (DoS HTTP, DoS TCP, DoS UDP) were simulated across the cable, and respective EM traces were captured. Additionally, benign traffic traces were collected during periods of no intentional communication between the two devices. An H-loop antenna connected to a HackRF One software-defined radio (SDR) device was utilized for data collection. These traces were divided into training and testing datasets, with the training set used to train three models: Random Forest Classifier (RFC) with AdaBoost, Multilayer Perceptron (MLP), and Support Vector Machine (SVM). Subsequently, the model was applied to the testing set, achieving a classification accuracy of 99.70% for distinguishing between normal and malicious traces. These findings demonstrate the feasibility of detecting malicious network-based attacks in a non-invasive manner with sufficient reliability.