{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,10]],"date-time":"2025-10-10T01:36:13Z","timestamp":1760060173984,"version":"build-2065373602"},"reference-count":34,"publisher":"MDPI AG","issue":"3","license":[{"start":{"date-parts":[[2025,8,11]],"date-time":"2025-08-11T00:00:00Z","timestamp":1754870400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["JCP"],"abstract":"<jats:p>In today\u2019s era of technology, where information is readily available anytime and from anywhere, safeguarding our privacy and sensitive data is more important than ever. The thermal sensors embedded within a CPU are primarily utilized for monitoring and regulating the processor\u2019s temperature during operation. However, they can serve as valuable components in increasing the security of a system as well, by enabling the detection of anomalies through temperature monitoring. This study presents three distinct methods demonstrating that anomalies in CPU heat dissipation can be effectively detected using the thermal sensors of a CPU, even under conditions of significant environmental use. First, it evaluates the Hot-n-Cold anomaly detection technique across various noisy environments, demonstrating that the presence of additional lines of code inserted into a Linux command can be identified through thermal analysis. Second, it detects the CryptoTrooper ransomware attack by fingerprinting the associated cryptographic processes in terms of temperature. Finally, it detects unauthorized system login attempts by capturing and analyzing their distinctive thermal signatures. This study demonstrates that various detection mechanisms can be implemented using thermal sensors to enhance system security. It also motivates the need for further research in this relatively underexplored area with the goal of developing more effective methods of protecting data.<\/jats:p>","DOI":"10.3390\/jcp5030056","type":"journal-article","created":{"date-parts":[[2025,8,11]],"date-time":"2025-08-11T09:59:13Z","timestamp":1754906353000},"page":"56","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["When Things Heat Up: Detecting Malicious Activity Using CPU Thermal Sensors"],"prefix":"10.3390","volume":"5","author":[{"ORCID":"https:\/\/orcid.org\/0000-0003-1232-6991","authenticated-orcid":false,"given":"Teodora","family":"Vasilas","sequence":"first","affiliation":[{"name":"Department of Computer Science, Electrical and Electronics Engineering, \u201cLucian Blaga\u201d University of Sibiu, 550025 Sibiu, Romania"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-8100-1379","authenticated-orcid":false,"given":"Remus","family":"Brad","sequence":"additional","affiliation":[{"name":"Department of Computer Science, Electrical and Electronics Engineering, \u201cLucian Blaga\u201d University of Sibiu, 550025 Sibiu, Romania"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"1968","published-online":{"date-parts":[[2025,8,11]]},"reference":[{"key":"ref_1","doi-asserted-by":"crossref","unstructured":"Vasilas, T., Jakobsche, T., and Ciorba, F.M. (2023, January 10\u201312). Hot-n-Cold: Mapping the Syscall Attack Surface Using Thermal Side Channels, 2023. Proceedings of the 2023 22nd International Symposium on Parallel and Distributed Computing (ISPDC), Bucharest, Romania.","DOI":"10.1109\/ISPDC59212.2023.00022"},{"key":"ref_2","unstructured":"(2025, May 01). CryptoTrooper: The First Linux White-Box Ransomware for Learning Purpose. Available online: https:\/\/github.com\/jdsecurity\/CryptoTrooper\/tree\/master."},{"key":"ref_3","unstructured":"Masti, R.J., Rai, D., Ranganathan, A., M\u00fcller, C., Thiele, L., and Capkun, S. (2015, January 12\u201314). Thermal covert channels on multi-core platforms. Proceedings of the USENIX Security Symposium, Washington, DC, USA."},{"key":"ref_4","doi-asserted-by":"crossref","unstructured":"Bartolini, D.B., Miedl, P., and Thiele, L. (2016, January 18\u201321). On the capacity of thermal covert channels in multicores. Proceedings of the Eleventh European Conference on Computer Systems, London, UK.","DOI":"10.1145\/2901318.2901322"},{"key":"ref_5","doi-asserted-by":"crossref","unstructured":"Long, Z., Wang, X., Jiang, Y., Cui, G., Zhang, L., and Mak, T. (2018, January 19\u201323). Improving the efficiency of thermal covert channels in multi-\/many-core systems. Proceedings of the 2018 Design, Automation & Test in Europe Conference & Exhibition (DATE), Dresden, Germany.","DOI":"10.23919\/DATE.2018.8342241"},{"key":"ref_6","doi-asserted-by":"crossref","unstructured":"Dey, S., Singh, A.K., and McDonald-Maier, K. (2021). ThermalAttackNet: Are CNNs making it easy to perform temperature side-channel attack in mobile edge devices?. Future Internet, 13.","DOI":"10.3390\/fi13060146"},{"key":"ref_7","doi-asserted-by":"crossref","first-page":"25718","DOI":"10.1109\/ACCESS.2022.3156596","article-title":"ThermalBleed: A practical thermal side-channel attack","volume":"10","author":"Kim","year":"2022","journal-title":"IEEE Access"},{"key":"ref_8","doi-asserted-by":"crossref","unstructured":"Mishra, N., Dutta, T.L., Shukla, S., Chakraborty, A., and Mukhopadhyay, D. (2024, January 6\u20139). Too hot to handle: Novel thermal side-channel in power attack-protected Intel processors. Proceedings of the 2024 IEEE International Symposium on Hardware Oriented Security and Trust (HOST), Tysons Corner, VA, USA.","DOI":"10.1109\/HOST55342.2024.10545405"},{"key":"ref_9","doi-asserted-by":"crossref","unstructured":"Allec, N., Hassan, Z., Shang, L., Dick, R.P., and Yang, R. (2008, January 10\u201313). ThermalScope: Multi-scale thermal analysis for nanometer-scale integrated circuits. Proceedings of the 2008 IEEE\/ACM International Conference on Computer-Aided Design, San Jose, CA, USA.","DOI":"10.1109\/ICCAD.2008.4681639"},{"key":"ref_10","doi-asserted-by":"crossref","unstructured":"Gu, P., Stow, D., Barnes, R., Kursun, E., and Xie, Y. (2016, January 2\u20135). Thermal-aware 3D design for side-channel information leakage. Proceedings of the 2016 IEEE 34th International Conference on Computer Design (ICCD), Scottsdale, AZ, USA.","DOI":"10.1109\/ICCD.2016.7753336"},{"key":"ref_11","doi-asserted-by":"crossref","unstructured":"Huang, H., Wang, X., Jiang, Y., Singh, A.K., Yang, M., and Huang, L. (2020, January 20\u201324). On countermeasures against the thermal covert channel attacks targeting many-core systems. Proceedings of the 2020 57th ACM\/IEEE Design Automation Conference (DAC), San Francisco, CA, USA.","DOI":"10.1109\/DAC18072.2020.9218648"},{"key":"ref_12","doi-asserted-by":"crossref","first-page":"252","DOI":"10.1109\/TCAD.2021.3059245","article-title":"Detection of and countermeasure against thermal covert channel in many-core systems","volume":"41","author":"Huang","year":"2021","journal-title":"IEEE Trans. Comput. Aided Des. Integr. Circuits Syst."},{"key":"ref_13","doi-asserted-by":"crossref","unstructured":"Wu, Q., Wang, X., and Chen, J. (2021, January 29\u201331). Defending against thermal covert channel attacks by task migration in many-core system. Proceedings of the 2021 IEEE 3rd International Conference on Circuits and Systems (ICCS), Chengdu, China.","DOI":"10.1109\/ICCS52645.2021.9697251"},{"key":"ref_14","doi-asserted-by":"crossref","unstructured":"Rahimi, P., Singh, A.K., and Wang, X. (2022). Selective noise based power-efficient and effective countermeasure against thermal covert channel attacks in multi-core systems. J. Low Power Electron. Appl., 12.","DOI":"10.3390\/jlpea12020025"},{"key":"ref_15","doi-asserted-by":"crossref","first-page":"4064","DOI":"10.1109\/TCAD.2022.3197344","article-title":"Combating stealthy thermal covert channel attack with its thermal signal transmitted in direct sequence spread spectrum","volume":"41","author":"Wang","year":"2022","journal-title":"IEEE Trans. Comput. Aided Des. Integr. Circuits Syst."},{"key":"ref_16","doi-asserted-by":"crossref","first-page":"971","DOI":"10.1109\/TC.2022.3189578","article-title":"Detection of thermal covert channel attacks based on classification of components of the thermal signal features","volume":"72","author":"Wang","year":"2022","journal-title":"IEEE Trans. Comput."},{"key":"ref_17","doi-asserted-by":"crossref","unstructured":"Gonz\u00e1lez-G\u00f3mez, J., Sikal, M.B., Khdr, H., Bauer, L., and Henkel, J. (2023, January 9\u201313). Smart detection of obfuscated thermal covert channel attacks in many-core processors. Proceedings of the 2023 60th ACM\/IEEE Design Automation Conference (DAC), San Francisco, CA, USA.","DOI":"10.1109\/DAC56929.2023.10247844"},{"key":"ref_18","doi-asserted-by":"crossref","unstructured":"Vasilas, T., Bacila, C., and Brad, R. (2024). Beat the Heat: Syscall Attack Detection via Thermal Side Channel. Future Internet, 16.","DOI":"10.3390\/fi16080301"},{"key":"ref_19","doi-asserted-by":"crossref","first-page":"103134","DOI":"10.1016\/j.cose.2023.103134","article-title":"Adversarial attacks against Windows PE malware detection: A survey of the state-of-the-art","volume":"128","author":"Ling","year":"2023","journal-title":"Comput. Secur."},{"key":"ref_20","unstructured":"(2025, June 07). Intel\u00ae Core\u2122 i7-10700F Processor. Available online: https:\/\/www.intel.com\/content\/www\/us\/en\/products\/sku\/199318\/intel-core-i710700f-processor-16m-cache-up-to-4-80-ghz\/specifications.html."},{"key":"ref_21","unstructured":"(2025, June 07). Intel\u00ae Core\u2122 i7-13700 Processor. Available online: https:\/\/www.intel.com\/content\/www\/us\/en\/products\/sku\/230490\/intel-core-i713700-processor-30m-cache-up-to-5-20-ghz\/specifications.html."},{"key":"ref_22","unstructured":"(2025, June 07). Intel\u00ae Core\u2122 i9-11900K Processor. Available online: https:\/\/www.intel.com\/content\/www\/us\/en\/products\/sku\/212325\/intel-core-i911900k-processor-16m-cache-up-to-5-30-ghz\/specifications.html."},{"key":"ref_23","unstructured":"(2025, May 30). Kernel driver coretemp. Available online: https:\/\/docs.kernel.org\/hwmon\/coretemp.html."},{"key":"ref_24","unstructured":"(2025, June 13). Intel\u00ae 64 and IA-32 Architectures Software Developer\u2019s Manual Combined Volumes: 1, 2A, 2B, 2C, 2D, 3A, 3B, 3C, 3D, and 4. Available online: https:\/\/www.intel.com\/content\/www\/us\/en\/content-details\/782158\/intel-64-and-ia-32-architectures-software-developer-s-manual-combined-volumes-1-2a-2b-2c-2d-3a-3b-3c-3d-and-4.html?wapkw=intel%2064%20and%20ia-32%20architectures%20software%20developer%27s%20manual&docid=782158."},{"key":"ref_25","unstructured":"(2025, June 13). The Linux Kernel Archives. Available online: https:\/\/www.kernel.org\/doc\/Documentation\/hwmon\/sysfs-interface."},{"key":"ref_26","unstructured":"(2025, May 30). stress-ng. Available online: https:\/\/github.com\/ColinIanKing\/stress-ng."},{"key":"ref_27","unstructured":"(2025, June 07). Intel Core i9-11900K and Core i5-11600K Review: Rocket Lake Blasts Off. Available online: https:\/\/www.tomshardware.com\/reviews\/intel-core-i9-11900k-and-i5-11600k-review."},{"key":"ref_28","unstructured":"(2025, June 01). Apache HTTP Server Project. Available online: https:\/\/httpd.apache.org\/."},{"key":"ref_29","unstructured":"(2025, May 30). Common Vulnerabilities and Exposures. Available online: https:\/\/www.cve.org\/."},{"key":"ref_30","unstructured":"(2024, November 25). GNU Core Utilities. Available online: https:\/\/github.com\/coreutils\/coreutils."},{"key":"ref_31","unstructured":"(2025, June 01). OpenSSL: The Open Source Toolkit for SSL\/TLS. Available online: https:\/\/www.openssl.org\/."},{"key":"ref_32","unstructured":"(2025, May 30). ssh\u2014Linux Manual Page. Available online: https:\/\/man7.org\/linux\/man-pages\/man1\/ssh.1.html."},{"key":"ref_33","unstructured":"(2025, June 01). OpenSSH Server. Available online: https:\/\/documentation.ubuntu.com\/server\/how-to\/security\/openssh-server\/index.html."},{"key":"ref_34","unstructured":"(2025, June 01). Random.org. Available online: https:\/\/www.random.org\/."}],"container-title":["Journal of Cybersecurity and Privacy"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/2624-800X\/5\/3\/56\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,9]],"date-time":"2025-10-09T18:24:32Z","timestamp":1760034272000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/2624-800X\/5\/3\/56"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,8,11]]},"references-count":34,"journal-issue":{"issue":"3","published-online":{"date-parts":[[2025,9]]}},"alternative-id":["jcp5030056"],"URL":"https:\/\/doi.org\/10.3390\/jcp5030056","relation":{},"ISSN":["2624-800X"],"issn-type":[{"type":"electronic","value":"2624-800X"}],"subject":[],"published":{"date-parts":[[2025,8,11]]}}}