{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,3,27]],"date-time":"2025-03-27T18:36:18Z","timestamp":1743100578473,"version":"3.40.3"},"publisher-location":"Cham","reference-count":41,"publisher":"Springer Nature Switzerland","isbn-type":[{"type":"print","value":"9783031746420"},{"type":"electronic","value":"9783031746437"}],"license":[{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2025]]},"DOI":"10.1007\/978-3-031-74643-7_20","type":"book-chapter","created":{"date-parts":[[2024,12,31]],"date-time":"2024-12-31T23:19:58Z","timestamp":1735687198000},"page":"261-276","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Side-Channel Based Runtime Intrusion Detection for\u00a0Network Equipment"],"prefix":"10.1007","author":[{"given":"Arthur","family":"Grisel-Davy","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Goksen U.","family":"Guler","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Julian","family":"Dickert","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Philippe","family":"Vibien","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Waleed","family":"Khan","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Jack","family":"Morgan","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Carlos","family":"Moreno","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Sebastian","family":"Fischmeister","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2025,1,1]]},"reference":[{"issue":"1","key":"20_CR1","doi-asserted-by":"publisher","first-page":"10","DOI":"10.1109\/MCC.2014.26","volume":"1","author":"K Bilal","year":"2014","unstructured":"Bilal, K., Malik, S.U.R., Khan, S.U., Zomaya, A.Y.: Trends and challenges in cloud datacenters. IEEE Cloud Comput. 1(1), 10\u201320 (2014). https:\/\/doi.org\/10.1109\/MCC.2014.26","journal-title":"IEEE Cloud Comput."},{"key":"20_CR2","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"16","DOI":"10.1007\/978-3-540-28632-5_2","volume-title":"Cryptographic Hardware and Embedded Systems - CHES 2004","author":"E Brier","year":"2004","unstructured":"Brier, E., Clavier, C., Olivier, F.: Correlation power analysis with a leakage model. In: Joye, M., Quisquater, J.-J. (eds.) CHES 2004. LNCS, vol. 3156, pp. 16\u201329. Springer, Heidelberg (2004). https:\/\/doi.org\/10.1007\/978-3-540-28632-5_2"},{"issue":"3","key":"20_CR3","doi-asserted-by":"publisher","first-page":"584","DOI":"10.1109\/TIFS.2014.2376177","volume":"10","author":"M \u010cagalj","year":"2014","unstructured":"\u010cagalj, M., Perkovi\u0107, T., Bugari\u0107, M.: Timing attacks on cognitive authentication schemes. IEEE Trans. Inf. Forensics Secur. 10(3), 584\u2013596 (2014)","journal-title":"IEEE Trans. Inf. Forensics Secur."},{"key":"20_CR4","unstructured":"Calvi, M.G.: Runtime Monitoring of Cyber-Physical Systems Using Data-driven Models. Ph.D. thesis, University of Illinois at Chicago (2019)"},{"key":"20_CR5","unstructured":"Cui, A., Costello, M., Stolfo, S.J.: When firmware modifications attack: a case study of embedded exploitation. In: NDSS (2013). http:\/\/ids.cs.columbia.edu\/sites\/default\/files\/ndss-2013.pdf"},{"key":"20_CR6","unstructured":"CVE-2018-0150. National Vulnerability Database (2018). https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2018-0150"},{"key":"20_CR7","unstructured":"CVE-2018-0151. National Vulnerability Database (2018), https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2018-0151"},{"key":"20_CR8","unstructured":"CVE-2018-0222. National Vulnerability Database (2018). https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2018-0222"},{"key":"20_CR9","unstructured":"CVE-2019-12649. National Vulnerability Database (2019). https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2019-12649"},{"key":"20_CR10","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"444","DOI":"10.1007\/978-3-662-44371-2_25","volume-title":"Advances in Cryptology \u2013 CRYPTO 2014","author":"D Genkin","year":"2014","unstructured":"Genkin, D., Shamir, A., Tromer, E.: RSA key extraction via low-bandwidth acoustic cryptanalysis. In: Garay, J.A., Gennaro, R. (eds.) CRYPTO 2014. LNCS, vol. 8616, pp. 444\u2013461. Springer, Heidelberg (2014). https:\/\/doi.org\/10.1007\/978-3-662-44371-2_25"},{"key":"20_CR11","unstructured":"Goldack, M., Paar, I.C.: Side-channel based reverse engineering for microcontrollers. Master\u2019s thesis, Ruhr-Universit\u00e4t Bochum, Germany (2008)"},{"key":"20_CR12","unstructured":"Greenberg, A.: Router-hacking \u201cslingshot\u201d spy operation compromised more than 100 targets (2018). https:\/\/www.wired.com\/story\/router-hacking-slingshot-spy-operation-compromised-more-than-100-targets\/-compromised-more-than-100-targets\/"},{"key":"20_CR13","doi-asserted-by":"crossref","unstructured":"Grisel-Davy, A., Bhogayata, A.M., Pabbi, S., Narayan, A., Fischmeister, S.: Work-in-progress: boot sequence integrity verification with power analysis. In: 2022 International Conference on Embedded Software (EMSOFT), pp.\u00a03\u20134. IEEE (2022)","DOI":"10.1109\/EMSOFT55006.2022.00009"},{"issue":"2","key":"20_CR14","doi-asserted-by":"publisher","first-page":"625","DOI":"10.1109\/TIFS.2011.2178403","volume":"7","author":"C Hanilci","year":"2011","unstructured":"Hanilci, C., Ertas, F., Ertas, T., Eskidere, \u00d6.: Recognition of brand and models of cell-phones from recorded speech signals. IEEE Trans. Inf. Forensics Secur. 7(2), 625\u2013634 (2011)","journal-title":"IEEE Trans. Inf. Forensics Secur."},{"key":"20_CR15","unstructured":"Hau, B.: SYNful Knock \u2013 A Cisco router implant \u2013 Part I (2015). https:\/\/www.fireeye.com\/blog\/threat-research\/2015\/09\/synful_knock_-_acis.html"},{"key":"20_CR16","unstructured":"Hernandez, G., Arias, O., Buentello, D., Jin, Y.: Smart nest thermostat: a smart spy in your home. In: Black Hat, USA, pp.\u00a01\u20138 (2014)"},{"issue":"8","key":"20_CR17","doi-asserted-by":"publisher","first-page":"1735","DOI":"10.1162\/neco.1997.9.8.1735","volume":"9","author":"S Hochreiter","year":"1997","unstructured":"Hochreiter, S., Schmidhuber, J.: Long short-term memory. Neural Comput. 9(8), 1735\u20131780 (1997)","journal-title":"Neural Comput."},{"key":"20_CR18","doi-asserted-by":"crossref","unstructured":"IBM: Cost of a Data Breach Full Report 2022 (2023). https:\/\/www.ibm.com\/downloads\/cas\/3R8N1DZJ","DOI":"10.12968\/S1353-4858(22)70049-9"},{"key":"20_CR19","unstructured":"Kataria, J., Housley, R., Pantoga, J., Cui, A.: Defeating cisco trust anchor: a case-study of recent advancements in direct FPGA bitstream manipulation. In: 13th USENIX Workshop on Offensive Technologies (WOOT 19). USENIX Association, Santa Clara (2019). https:\/\/www.usenix.org\/conference\/woot19\/presentation\/kataria"},{"issue":"4","key":"20_CR20","doi-asserted-by":"publisher","first-page":"305","DOI":"10.1007\/s41635-019-00074-w","volume":"3","author":"HA Khan","year":"2019","unstructured":"Khan, H.A., Sehatbakhsh, N., Nguyen, L.N., Prvulovic, M., Zaji\u0107, A.: Malware detection in embedded systems using neural network model for electromagnetic side-channel signals. J. Hardware Syst. Secur. 3(4), 305\u2013318 (2019)","journal-title":"J. Hardware Syst. Secur."},{"key":"20_CR21","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"505","DOI":"10.1007\/978-3-642-15512-3_35","volume-title":"Recent Advances in Intrusion Detection","author":"R Koch","year":"2010","unstructured":"Koch, R., Rodosek, G.D.: Security system for encrypted environments (S2E2). In: Jha, S., Sommer, R., Kreibich, C. (eds.) RAID 2010. LNCS, vol. 6307, pp. 505\u2013507. Springer, Heidelberg (2010). https:\/\/doi.org\/10.1007\/978-3-642-15512-3_35"},{"key":"20_CR22","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"388","DOI":"10.1007\/3-540-48405-1_25","volume-title":"Advances in Cryptology \u2014 CRYPTO\u2019 99","author":"P Kocher","year":"1999","unstructured":"Kocher, P., Jaffe, J., Jun, B.: Differential power analysis. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 388\u2013397. Springer, Heidelberg (1999). https:\/\/doi.org\/10.1007\/3-540-48405-1_25"},{"key":"20_CR23","unstructured":"Kovacs, E.: Cisco firewall exploited in attack on U.S. renewable energy firm (2019). https:\/\/www.securityweek.com\/cisco-firewall-vulnerability-exploited-attack-us-renewable-energy-provider-attack-us-renewable-energy-provider"},{"key":"20_CR24","doi-asserted-by":"publisher","unstructured":"Liu, A.X., Xiao, L., Pongaliur, K., Kempel, L., Abraham, Z.: Securing sensor nodes against side channel attacks. In: 2008 IEEE 11th High-Assurance Systems Engineering Symposium, pp. 353\u2013361. IEEE Computer Society, Los Alamitos (2008). https:\/\/doi.org\/10.1109\/HASE.2008.26","DOI":"10.1109\/HASE.2008.26"},{"key":"20_CR25","unstructured":"Mangard, S., Oswald, E., Popp, T.: Power Analysis Attacks: Revealing the Secrets of Smart Cards, vol.\u00a031. Springer, Heidelberg (2008)"},{"key":"20_CR26","doi-asserted-by":"publisher","unstructured":"Moreno, C., Fischmeister, S.: Non-intrusive runtime monitoring through power consumption to enforce safety and security properties in embedded systems. Formal Methods Syst. Des. 53(1), 113\u2013137 (2018). https:\/\/doi.org\/10.1007\/s10703-017-0298-3","DOI":"10.1007\/s10703-017-0298-3"},{"key":"20_CR27","doi-asserted-by":"crossref","unstructured":"Moreno, C., Fischmeister, S., Hasan, M.A.: Non-intrusive program tracing and debugging of deployed embedded systems through side-channel analysis. In: Proceedings of the 14th ACM SIGPLAN\/SIGBED Conference on Languages, Compilers and Tools for Embedded Systems, pp. 77\u201388 (2013)","DOI":"10.1145\/2491899.2465570"},{"key":"20_CR28","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"261","DOI":"10.1007\/978-3-319-10175-0_18","volume-title":"Constructive Side-Channel Analysis and Secure Design","author":"M Msgna","year":"2014","unstructured":"Msgna, M., Markantonakis, K., Naccache, D., Mayes, K.: Verifying software integrity in embedded systems: a side channel approach. In: Prouff, E. (ed.) COSADE 2014. LNCS, vol. 8622, pp. 261\u2013280. Springer, Cham (2014). https:\/\/doi.org\/10.1007\/978-3-319-10175-0_18"},{"key":"20_CR29","doi-asserted-by":"publisher","unstructured":"Pothukuchi, R.P., Pothukuchi, S.Y., Voulgaris, P.G., Schwing, A., Torrellas, J.: Maya: using formal control to obfuscate power side channels. In: 2021 ACM\/IEEE 48th Annual International Symposium on Computer Architecture (ISCA). IEEE (2021). https:\/\/doi.org\/10.1109\/isca52012.2021.00074. https:\/\/arxiv.org\/abs\/1907.09440","DOI":"10.1109\/isca52012.2021.00074"},{"key":"20_CR30","unstructured":"Response, S.S.: Thousands of ubiquiti airos routers hit with worm attacks (2016). https:\/\/www.symantec.com\/connect\/fr\/blogs\/thousands-ubiquiti-airos-routers-hit-worm-attacks-airos-routers"},{"key":"20_CR31","doi-asserted-by":"crossref","unstructured":"Rohatgi, P.: Electromagnetic attacks and countermeasures. In: Cryptographic Engineering, pp. 407\u2013430 (2009)","DOI":"10.1007\/978-0-387-71817-0_15"},{"key":"20_CR32","doi-asserted-by":"crossref","unstructured":"Russell, J.T., Jacome, M.F.: Software power estimation and optimization for high performance, 32-bit embedded processors. In: Proceedings International Conference on Computer Design. VLSI in Computers and Processors (Cat. No. 98CB36273), pp. 328\u2013333 (1998)","DOI":"10.1109\/ICCD.1998.727070"},{"key":"20_CR33","doi-asserted-by":"crossref","unstructured":"Sehatbakhsh, N., et al.: Remote: robust external malware detection framework by using electromagnetic signals. IEEE Trans. Comput. (2019)","DOI":"10.1109\/TC.2019.2945767"},{"key":"20_CR34","doi-asserted-by":"publisher","unstructured":"Shehabi, A., et al.: United States data center energy usage report (2016). https:\/\/doi.org\/10.2172\/1372902","DOI":"10.2172\/1372902"},{"key":"20_CR35","doi-asserted-by":"crossref","unstructured":"Sun, C., Shrivastava, A., Singh, S., Gupta, A.: Revisiting unreasonable effectiveness of data in deep learning era. In: Proceedings of the IEEE International Conference on Computer Vision, pp. 843\u2013852 (2017)","DOI":"10.1109\/ICCV.2017.97"},{"key":"20_CR36","doi-asserted-by":"crossref","unstructured":"Szegedy, C., Ioffe, S., Vanhoucke, V., Alemi, A.A.: Inception-v4, inception-resnet and the impact of residual connections on learning. In: Thirty-First AAAI Conference on Artificial Intelligence (2017)","DOI":"10.1609\/aaai.v31i1.11231"},{"key":"20_CR37","unstructured":"Thomson, I.: It\u2019s 2019 so now security vulnerabilities are branded using emojis: meet thrangrycat, a cisco router secure boot flaw (2019). https:\/\/www.theregister.co.uk\/2019\/05\/13\/cisco_thrangrycat_vulnerability\/"},{"key":"20_CR38","doi-asserted-by":"crossref","unstructured":"Xie, S., Girshick, R., Doll\u00e1r, P., Tu, Z., He, K.: Aggregated residual transformations for deep neural networks. In: Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition, pp. 1492\u20131500 (2017)","DOI":"10.1109\/CVPR.2017.634"},{"key":"20_CR39","doi-asserted-by":"crossref","unstructured":"Yilmaz, B.B., Ugurlu, E.M., Prvulovic, M., Zajic, A.: Detecting cellphone camera status at distance by exploiting electromagnetic emanations. In: MILCOM 2019-2019 IEEE Military Communications Conference (MILCOM), pp.\u00a01\u20136. IEEE (2019)","DOI":"10.1109\/MILCOM47813.2019.9021060"},{"issue":"8","key":"20_CR40","doi-asserted-by":"publisher","first-page":"1692","DOI":"10.1109\/TIFS.2015.2422674","volume":"10","author":"X Zhai","year":"2015","unstructured":"Zhai, X., et al.: A method for detecting abnormal program behavior on embedded devices. IEEE Trans. Inf. Forensics Secur. 10(8), 1692\u20131704 (2015)","journal-title":"IEEE Trans. Inf. Forensics Secur."},{"key":"20_CR41","doi-asserted-by":"crossref","unstructured":"Zhengbing, H., Jun, S., Shirochin, V.P.: An intelligent lightweight intrusion detection system with forensics technique. In: 2007 4th IEEE Workshop on Intelligent Data Acquisition and Advanced Computing Systems: Technology and Applications, pp. 647\u2013651 (2007)","DOI":"10.1109\/IDAACS.2007.4488501"}],"container-title":["Communications in Computer and Information Science","Machine Learning and Principles and Practice of Knowledge Discovery in Databases"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-031-74643-7_20","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T02:35:00Z","timestamp":1735698900000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-031-74643-7_20"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025]]},"ISBN":["9783031746420","9783031746437"],"references-count":41,"URL":"https:\/\/doi.org\/10.1007\/978-3-031-74643-7_20","relation":{},"ISSN":["1865-0929","1865-0937"],"issn-type":[{"type":"print","value":"1865-0929"},{"type":"electronic","value":"1865-0937"}],"subject":[],"published":{"date-parts":[[2025]]},"assertion":[{"value":"1 January 2025","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"ECML PKDD","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Joint European Conference on Machine Learning and Knowledge Discovery in Databases","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Turin","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Italy","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2023","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"18 September 2023","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"22 September 2023","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"23","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"ecml2023","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/2023.ecmlpkdd.org\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}