Date of Award

12-2025

Document Type

Thesis

Degree Name

Master of Science

Degree Discipline

Electrical Engineering

Abstract

Air-gapped computer systems are physically isolated from unsecured networks. Though isolated, they remain vulnerable to covert data exfiltration via electromagnetic side channels and other covert-channel attacks. This research presents a comprehensive approach to detecting electromagnetic data exfiltration by establishing a controlled laboratory environment using low-cost, readily available hardware components. The study demonstrates a proof-of-concept covert data transmission system that exploits electromagnetic emissions from computer memory access patterns through software-controlled Random Access Memory (RAM) operations.

The research methodology involved developing a C++ transmitter program that modulates CPU- and memory-intensive operations to generate detectable electromagnetic signals at a frequency of 100 MHz, and implementing a Python-based receiver integrated with an RTL-SDR (Software Defined Radio) for signal detection and analysis. A methodologically generated dataset containing 1,194 timestamped process metrics was assembled with binary classification labels, deliberately sized to ensure proper ground truth quality after rejecting an initial larger dataset that exhibited severe data leakage. The final dataset captures both normal system behavior and periods of active covert transmission, intentionally including realistic operational noise to provide an authentic detection challenge.

Machine learning analysis using Random Forest classification achieved highly successful detection performance with 92.47% accuracy and 98.56% ROC-AUC score. Rigorous validation, including shuffled-label baseline testing (54.60% accuracy, 48.40% ROC-AUC), confirmed the absence of data leakage and validated genuine detection capability. Memory usage patterns exhibited the highest feature importance (0.8475), validating theoretical predictions about memory-based electromagnetic covert channels creating distinctive behavioral signatures.

The findings demonstrate that while electromagnetic covert channels can be successfully implemented using commodity hardware, they are reliably detectable through machine learning-based analysis of standard system behavioral metrics. The study provides significant implications for cybersecurity in air-gapped networks and sensitive computing environments, and contributes a valuable, publicly available dataset for future research in covert channel detection.

Index Terms - air-gap security, covert channels, electromagnetic emissions, machine learning, random forest, rtl-sdr, side-channel attacks.

Committee Chair/Advisor

Mohamed Chouikha

Committee Member

Annamalai Annamalai

Committee Member

Akshay Kulkarni

Publisher

Prairie View A&M University

Rights

© 2021 Prairie View A & M University

Creative Commons License
This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.

Date of Digitization

12/09/2025

Contributing Institution

J. B. Coleman Library

City of Publication

Prairie View

MIME Type

Application/PDF

