A statistical pre-processing method for computationally efficient cyber-attack identification based on electromagnetic measurements

The miniaturization and lightning trend of connected devices implies an important reduction of computational burden of the algorithms running on them, especially those continuously running in the background. This is particularly true in case of cyberattack defense approaches, which are crucial in all cases where data content is critical and device self-defense is limited due to its being lightweight. To this aim, an effective pre-processing method is presented in this paper. This is developed in order to distinguish communication flows into regular or anomalous traffic, whatever be the reason of anomaly. Accordingly, the method allows to filter incoming traffic and activate eventual cyberattack detection methods (typically adopting Machine Learning or Deep Learning classification stages) only in case of detected anomalies. The developed system leverages on electromagnetic measurements of the emissions of devices under different operating conditions, making the proposal not invasive and not requiring any sensitive data demodulation as well as inner monitoring processes. The paper outcomes are mainly two: i) a pre-processing step enabling the development of an anomaly detection measurement system based on low-computational burden; ii) highlighting and quantifying the resource-saving amount concerning the direct adoption of a classification method.