{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,10]],"date-time":"2026-06-10T16:40:25Z","timestamp":1781109625836,"version":"3.54.1"},"reference-count":38,"publisher":"MDPI AG","issue":"8","license":[{"start":{"date-parts":[[2024,8,21]],"date-time":"2024-08-21T00:00:00Z","timestamp":1724198400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":["www.mdpi.com"],"crossmark-restriction":true},"short-container-title":["Future Internet"],"abstract":"<jats:p>As the complexity and integration of electronic devices increase, understanding and mitigating side-channel vulnerabilities will remain a critical area of cybersecurity research. The new and intriguing software-based thermal side-channel attacks and countermeasures use thermal emissions from a device to extract or defend sensitive information, by reading information from the built-in thermal sensors via software. This work extends the Hot-n-Cold anomaly detection technique, applying it in circumstances much closer to the real-world computational environments by detecting irregularities in the Linux command behavior through CPU temperature monitoring. The novelty of this approach lies in the introduction of five types of noise across the CPU, including moving files, performing extended math computations, playing songs, and browsing the web while the attack detector is running. We employed Hot-n-Cold to monitor core temperatures on three types of CPUs utilizing two commonly used Linux terminal commands, ls and chmod. The results show a high correlation, approaching 0.96, between the original Linux command and a crafted command, augmented with vulnerable system calls. Additionally, a Machine Learning algorithm was used to classify whether a thermal trace is augmented or not, with an accuracy of up to 88%. This research demonstrates the potential for detecting attacks through thermal sensors even when there are different types of noise in the CPU, simulating a real-world scenario.<\/jats:p>","DOI":"10.3390\/fi16080301","type":"journal-article","created":{"date-parts":[[2024,8,22]],"date-time":"2024-08-22T04:26:57Z","timestamp":1724300817000},"page":"301","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":6,"title":["Beat the Heat: Syscall Attack Detection via Thermal Side Channel"],"prefix":"10.3390","volume":"16","author":[{"ORCID":"https:\/\/orcid.org\/0000-0003-1232-6991","authenticated-orcid":false,"given":"Teodora","family":"Vasilas","sequence":"first","affiliation":[{"name":"Department of Computer Science, Electrical and Electronics Engineering, University of Sibiu, 4 Emil Cioran Street, 550025 Sibiu, Romania"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Claudiu","family":"Bacila","sequence":"additional","affiliation":[{"name":"Department of Computer Science, Electrical and Electronics Engineering, University of Sibiu, 4 Emil Cioran Street, 550025 Sibiu, Romania"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-8100-1379","authenticated-orcid":false,"given":"Remus","family":"Brad","sequence":"additional","affiliation":[{"name":"Department of Computer Science, Electrical and Electronics Engineering, University of Sibiu, 4 Emil Cioran Street, 550025 Sibiu, Romania"}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"1968","published-online":{"date-parts":[[2024,8,21]]},"reference":[{"key":"ref_1","doi-asserted-by":"crossref","first-page":"25718","DOI":"10.1109\/ACCESS.2022.3156596","article-title":"ThermalBleed: A practical thermal side-channel attack","volume":"10","author":"Kim","year":"2022","journal-title":"IEEE Access"},{"key":"ref_2","doi-asserted-by":"crossref","unstructured":"Vasilas, T., Jakobsche, T., and Ciorba, F.M. (2023, January 10\u201312). Hot-n-Cold: Mapping the Syscall Attack Surface Using Thermal Side Channels. Proceedings of the 2023 22nd International Symposium on Parallel and Distributed Computing (ISPDC), Bucharest, Romania.","DOI":"10.1109\/ISPDC59212.2023.00022"},{"key":"ref_3","unstructured":"Marek, R. (2024, May 29). Kernel Driver Coretemp. Available online: https:\/\/docs.kernel.org\/hwmon\/coretemp.html."},{"key":"ref_4","unstructured":"(2024, May 29). Common Vulnerabilities and Exposures. Available online: https:\/\/cve.mitre.org\/cve\/search_cve_list.html."},{"key":"ref_5","unstructured":"Masti, R.J., Rai, D., Ranganathan, A., M\u00fcller, C., Thiele, L., and Capkun, S. (2015, January 12\u201314). Thermal covert channels on multi-core platforms. Proceedings of the 24th USENIX Security Symposium (USENIX Security 15), Washington, DC, USA."},{"key":"ref_6","doi-asserted-by":"crossref","first-page":"613","DOI":"10.1145\/362375.362389","article-title":"A note on the confinement problem","volume":"16","author":"Lampson","year":"1973","journal-title":"Commun. ACM"},{"key":"ref_7","unstructured":"Yarom, Y., Ge, Q., Liu, F., Lee, R.B., and Heiser, G. (2015). Mapping the Intel last-level cache. Cryptol. ePrint Arch., Available online: https:\/\/eprint.iacr.org\/2015\/905."},{"key":"ref_8","doi-asserted-by":"crossref","first-page":"101524","DOI":"10.1016\/j.is.2020.101524","article-title":"Winter is here! A decade of cache-based side-channel attacks, detection & mitigation for RSA","volume":"92","author":"Mushtaq","year":"2020","journal-title":"Inf. Syst."},{"key":"ref_9","unstructured":"Lee, R.B. (2022). Security Basics for Computer Architects, Springer Nature."},{"key":"ref_10","unstructured":"Hutter, M., and Schmidt, J.M. (2013, January 27\u201329). The temperature side channel and heating fault attacks. Proceedings of the Smart Card Research and Advanced Applications: 12th International Conference, CARDIS 2013, Berlin, Germany. Revised Selected Papers 12."},{"key":"ref_11","doi-asserted-by":"crossref","unstructured":"Claeys, T., Rousseau, F., Simunovic, B., and Tourancheau, B. (2019, January 15\u201317). Thermal covert channel in Bluetooth low energy networks. Proceedings of the 12th Conference on Security and Privacy in Wireless and Mobile Networks, Miami, FL, USA.","DOI":"10.1145\/3317549.3319730"},{"key":"ref_12","doi-asserted-by":"crossref","first-page":"1930","DOI":"10.1109\/TVLSI.2021.3111407","article-title":"Applying thermal side-channel attacks on asymmetric cryptography","volume":"29","author":"Aljuffri","year":"2021","journal-title":"IEEE Trans. Very Large Scale Integr. (VLSI) Syst."},{"key":"ref_13","doi-asserted-by":"crossref","unstructured":"Bartolini, D.B., Miedl, P., and Thiele, L. (2016, January 18\u201321). On the capacity of thermal covert channels in multicores. Proceedings of the Eleventh European Conference on Computer Systems, London, UK.","DOI":"10.1145\/2901318.2901322"},{"key":"ref_14","doi-asserted-by":"crossref","unstructured":"Long, Z., Wang, X., Jiang, Y., Cui, G., Zhang, L., and Mak, T. (2018, January 19\u201323). Improving the efficiency of thermal covert channels in multi-\/many-core systems. Proceedings of the 2018 Design, Automation & Test in Europe Conference & Exhibition (DATE), Dresden, Germany.","DOI":"10.23919\/DATE.2018.8342241"},{"key":"ref_15","doi-asserted-by":"crossref","unstructured":"Dey, S., Singh, A.K., and McDonald-Maier, K. (2021). ThermalAttackNet: Are CNNs making it easy to perform temperature side-channel attack in mobile edge devices?. Future Internet, 13.","DOI":"10.3390\/fi13060146"},{"key":"ref_16","unstructured":"Taneja, H., Kim, J., Xu, J.J., Van Schaik, S., Genkin, D., and Yarom, Y. (2023, January 9\u201311). Hot Pixels: Frequency, Power, and Temperature Attacks on {GPUs} and Arm {SoCs}. Proceedings of the 32nd USENIX Security Symposium (USENIX Security 23), Anaheim, CA, USA."},{"key":"ref_17","doi-asserted-by":"crossref","first-page":"1431","DOI":"10.1109\/TSC.2022.3173791","article-title":"Shrinking the kernel attack surface through static and dynamic syscall limitation","volume":"16","author":"Zhan","year":"2022","journal-title":"IEEE Trans. Serv. Comput."},{"key":"ref_18","doi-asserted-by":"crossref","unstructured":"Hung, H.W., Liu, Y., and Sani, A.A. (2022, January 17\u201321). Sifter: Protecting security-critical kernel modules in Android through attack surface reduction. Proceedings of the 28th Annual International Conference on Mobile Computing Furthermore, Networking, Sydney, NSW, Australia.","DOI":"10.1145\/3495243.3560548"},{"key":"ref_19","doi-asserted-by":"crossref","first-page":"105","DOI":"10.1016\/j.future.2022.04.016","article-title":"The devil is in the detail: Generating system call whitelist for Linux seccomp","volume":"135","author":"Xing","year":"2022","journal-title":"Future Gener. Comput. Syst."},{"key":"ref_20","doi-asserted-by":"crossref","first-page":"674","DOI":"10.1109\/TPDS.2020.3029088","article-title":"Cryptomining detection in container clouds using system calls and explainable machine learning","volume":"32","author":"Karn","year":"2020","journal-title":"IEEE Trans. Parallel Distrib. Syst."},{"key":"ref_21","doi-asserted-by":"crossref","unstructured":"Gaidis, A.J., Atlidakis, V., and Kemerlis, V.P. (2023, January 26\u201330). Sysxchg: Refining privilege with adaptive system call filters. Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security, Copenhagen, Denmark.","DOI":"10.1145\/3576915.3623137"},{"key":"ref_22","doi-asserted-by":"crossref","unstructured":"Song, S., Suneja, S., Le, M.V., and Tak, B. (2023, January 2\u20138). On the value of sequence-based system call filtering for container security. Proceedings of the 2023 IEEE 16th International Conference on Cloud Computing (CLOUD), Chicago, IL, USA.","DOI":"10.1109\/CLOUD60044.2023.00043"},{"key":"ref_23","doi-asserted-by":"crossref","first-page":"71","DOI":"10.1186\/s13677-024-00639-3","article-title":"Optimus: Association-based dynamic system call filtering for container attack surface reduction","volume":"13","author":"Yang","year":"2024","journal-title":"J. Cloud Comput."},{"key":"ref_24","unstructured":"Peterson, J.L., and Silberschatz, A. (1985). Operating System Concepts, Addison-Wesley Longman Publishing Co., Inc."},{"key":"ref_25","unstructured":"Tanenbaum, A. (2009). Modern Operating Systems, Pearson Education, Inc."},{"key":"ref_26","unstructured":"Bovet, D.P., and Cesati, M. (2005). Understanding the Linux Kernel: From I\/O Ports to Process Management, O\u2019Reilly Media, Inc."},{"key":"ref_27","unstructured":"Love, R. (2007). Linux System Programming: Talking Directly to the Kernel and C Library, O\u2019Reilly Media, Inc."},{"key":"ref_28","doi-asserted-by":"crossref","first-page":"1519","DOI":"10.1007\/s10664-017-9551-z","article-title":"Analyzing a decade of Linux system calls","volume":"23","author":"Bagherzadeh","year":"2018","journal-title":"Empir. Softw. Eng."},{"key":"ref_29","unstructured":"(2024, June 04). Intel\u00ae 64 and IA-32 Architectures Software Developer\u2019s Manual Combined Volumes: 1, 2A, 2B, 2C, 2D, 3A, 3B, 3C, 3D, and 4 - Order Number: 325462-080US June 2023. Available online: https:\/\/www.intel.com\/content\/www\/us\/en\/content-details\/782158\/intel-64-and-ia-32-architectures-software-developer-s-manual-combined-volumes-1-2a-2b-2c-2d-3a-3b-3c-3d-and-4.html?wapkw=intel%2064%20and%20ia-32%20architectures%20software%20developer%27s%20manual&docid=782158."},{"key":"ref_30","unstructured":"(2024, June 21). Intel CPU Temperature Guide. Available online: https:\/\/forums.tomshardware.com\/threads\/intel-cpu-temperature-guide.1488337\/."},{"key":"ref_31","unstructured":"(2024, June 16). TechPowerUp\u2014Intel Core i7-10700 Review. Available online: https:\/\/www.techpowerup.com\/review\/intel-core-i7-10700\/3.html."},{"key":"ref_32","unstructured":"Marek, R. (2024, June 04). Kernel Driver Coretemp. Available online: https:\/\/www.kernel.org\/doc\/Documentation\/hwmon\/coretemp."},{"key":"ref_33","unstructured":"(2024, April 19). Clonezilla\u2014The Free and Open Source Software for Disk Imaging and Cloning. Available online: https:\/\/clonezilla.org\/."},{"key":"ref_34","unstructured":"(2024, August 01). Coreutils\u2014GitHub. Available online: https:\/\/github.com\/coreutils\/coreutils."},{"key":"ref_35","unstructured":"(2024, May 03). ffplay Documentation. Available online: https:\/\/ffmpeg.org\/ffplay.html."},{"key":"ref_36","unstructured":"(2024, February 02). taskset(1)\u2014Linux Manual Page. Available online: https:\/\/man7.org\/linux\/man-pages\/man1\/taskset.1.html."},{"key":"ref_37","unstructured":"Keith, G., and Calkins, A.U. (2024, July 18). Applied Statistics\u2014Lesson 5. Correlation Coefficients. Available online: https:\/\/www.andrews.edu\/~calkins\/math\/edrm611\/edrm05.htm."},{"key":"ref_38","unstructured":"(2023, November 30). stress-ng\u2014A Tool to Load and Stress a Computer System. Available online: https:\/\/manpages.ubuntu.com\/manpages\/jammy\/man1\/stress-ng.1.html."}],"updated-by":[{"DOI":"10.3390\/fi16100383","type":"correction","label":"Correction","source":"publisher","updated":{"date-parts":[[2024,8,21]],"date-time":"2024-08-21T00:00:00Z","timestamp":1724198400000}}],"container-title":["Future Internet"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/1999-5903\/16\/8\/301\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,8,3]],"date-time":"2025-08-03T14:48:17Z","timestamp":1754232497000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/1999-5903\/16\/8\/301"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,8,21]]},"references-count":38,"journal-issue":{"issue":"8","published-online":{"date-parts":[[2024,8]]}},"alternative-id":["fi16080301"],"URL":"https:\/\/doi.org\/10.3390\/fi16080301","relation":{"correction":[{"id-type":"doi","id":"10.3390\/fi16100383","asserted-by":"object"}]},"ISSN":["1999-5903"],"issn-type":[{"value":"1999-5903","type":"electronic"}],"subject":[],"published":{"date-parts":[[2024,8,21]]}}}