Research On Electromagnetic Environment Anomaly Detection Technology Based On Machine Learning

With the continuous updating and improvement of information security protection measures,the way to attack information security is constantly updating.In addition to attacks against electronic devices that connected to the Internet,such as Trojans,viruses,worms and so on,attacks against physically isolated devices have been matured.This type of Trojan is electromagnetic leaking Trojan.It is developed from capturing the electromagnetic wave signals radiated from the computer monitor and replaying the content that displayed on the display 100 meters away with electromagnetic leakage reduction technology.With the continuous advancement of software-defined radio technology and signals acquisition technology,the current electromagnetic Trojan can already capture leaked electromagnetic signals from printers,DVI interfaces,processors,etc.The electromagnetic Trojan can also choose what information,when and how to theft with the help of software-defined radio.The electromagnetic Trojan's attack solution can break through the physical isolation network,and the way for leaking does not use the system network resources,which leads to the inability of the traditional firewall and other intrusion detection devices to effectively prevent it,leading a huge threat to the system information security.Most of the main solutions that used now are shielding signals,interference signals and using experienced security personnel to observe the signals waterfall,which collected from monitoring areas,to find the attack.Based on the existing solutions,this paper analyzed the attacking mode and working mode of electromagnetic Trojan,and proposes an electromagnetic Trojan detection scheme based on big data technology and deep learning method,which shifts the work of electromagnetic Trojan analysis from artificial to artificial intelligence.First of all,use the software-defined radio technology to capture the electromagnetic wave signals from 10 MHz to 3000 MHz,and then combine the white list,the signals could be demodulated,the intensity change rate to filter the signals,screen out the signals that does not need to be analyzed,the signals that works normally and the signals outside of the area.Secondly,according to the Trojan's attack method,a pattern of dividing the signals in the frequency domain by time window and adopting 27 characteristics from time,information amount and energy in the signals are proposed to characterize the captured electromagnetic signals.The LSTM algorithm is selected for the characterization of the signals for modeling analysis and anomaly detection.The results show that the algorithm has 96% accuracy to identify electromagnetic Trojan attacks.It shows that such an algorithm has a good effect in the active detection of electromagnetic Trojan,can effectively prevent and discover the electromagnetic Trojan,and liberate the electromagnetic Trojan analysis from the manual to the computer processing.