Candidate: Arthur Grisel-Davy
Date: September 25, 2024
Time: 10:00 AM
Location: E5 4047
Supervisor: Fischmeister, Sebastian
Abstract:
The analysis of running processes is a common step for any Host-Based Intrusion Detection System (HIDS) and enables anomaly detection, rules and activity mining, and downstream analysis of suspicious processes. In response to this surveillance, many malware programs employ some sort of process masquerading technique to hide or impersonate a legitimate process. Thus, in case of an attack, the list of running processes from a machine may not necessarily include all processes or describe them truthfully. Restoring trust in this list of processes requires leveraging a different source of information, independent of the cooperation of the monitored machine.
In this seminar, I will present my work on using power side-channel data to validate a list of processes. This study explores different machine learning methods to predict the power consumption of a list of processes and detect variations from the real consumption, which are indicators of process list tampering.