
COMMITTEE CHAIR: Dr. Mohamed Chouikha

TITLE: MACHINE LEARNING-BASED DETECTION OF COVERT DATA EXFILTRATION VIA ELECTROMAGNETIC SIDE-CHANNEL EMISSIONS FROM COMPUTER MEMORY IN AIR-GAPPED SYSTEMS

ABSTRACT: Air-gapped computer systems are physically isolated from unsecured networks. Though isolated, they remain vulnerable to covert data exfiltration through electromagnetic side channels and other covert channel attacks. This research presents a comprehensive approach to detecting electromagnetic data exfiltration by establishing a controlled laboratory environment using low-cost, readily available hardware components. The study shows a proof-of-concept covert data transmission system that exploits electromagnetic emissions from computer memory access patterns through software-controlled Random Access Memory (RAM) operations. The research methodology involved developing a C++ transmitter program that modulates CPU- and memory-intensive operations to generate detectable electromagnetic signals at 100 MHz, and implementing a Python-based receiver integrated with RTL-SDR (Software Defined Radio) for signal detection and analysis. A dataset containing 1,194 timestamped process metrics was generated with binary classification labels, deliberately sized to ensure proper ground truth quality after rejecting an initial larger dataset that exhibited severe data leakage. The final dataset captures both normal system behavior and periods of active covert transmission, intentionally including realistic operational noise to provide an authentic detection challenge. Machine learning analysis using Random Forest classification achieved strong detection performance, with 92.47% accuracy and a 98.56% ROC-AUC score. Rigorous validation, including shuffled-label baseline testing (54.60% accuracy, 48.40% ROC-AUC), confirmed the absence of data leakage and validated genuine detection capability. Memory usage patterns exhibited the highest feature importance (0.8475), validating theoretical predictions that memory-based electromagnetic covert channels create distinctive behavioral signatures.
The findings demonstrate that while electromagnetic covert channels can be implemented using commodity hardware, they are reliably detectable through machine learning-based analysis of standard system behavioral metrics. The study has significant implications for cybersecurity in air-gapped networks and sensitive computing environments, and contributes a publicly available dataset for future research in covert channel detection.

Index Terms: air-gap security, covert channels, electromagnetic emissions, machine learning, random forest, RTL-SDR, side-channel attacks.
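As an added illustration of the validation step the abstract describes (example code, not the thesis's own), a single-feature threshold classifier stands in for the Random Forest, is trained on constructed process metrics, and is then re-run under the shuffled-label baseline that the abstract uses to rule out data leakage. The metric values and the assumed memory-usage effect of the transmitter are hypothetical.

```python
import random
# Constructed sample rows: (cpu_pct, mem_mb, label); label 1 = covert transmitter active.
# Hypothetical values, not the thesis dataset: the transmitter is assumed to raise memory
# usage in its active windows, while CPU load is operational noise unrelated to the label.
def make_dataset(n=400, seed=7):
    rng = random.Random(seed)
    rows = []
    for i in range(n):
        active = 1 if (i // 40) % 2 == 1 else 0       # alternate idle / transmitting windows
        cpu = rng.gauss(35.0, 12.0)
        mem = rng.gauss(2400.0 if active else 1900.0, 180.0)
        rows.append((cpu, mem, active))
    return rows

def accuracy(rows, feature, thr, direction):
    """Fraction of rows whose side of the threshold matches the label."""
    hits = sum(1 for r in rows if (direction * (r[feature] - thr) > 0) == bool(r[2]))
    return hits / len(rows)

def fit_stump(rows, feature):
    """Single-feature threshold classifier (one decision-tree split) chosen to maximise
    training accuracy; it stands in for the page's Random Forest to stay dependency-free."""
    values = sorted({r[feature] for r in rows})
    best_acc, best = -1.0, (values[0], 1)
    for lo, hi in zip(values, values[1:]):
        thr = (lo + hi) / 2
        for direction in (1, -1):
            acc = accuracy(rows, feature, thr, direction)
            if acc > best_acc:
                best_acc, best = acc, (thr, direction)
    return best

def evaluate(rows, feature):
    """Interleaved train/test split so idle and active windows both land in each half."""
    train, test = rows[0::2], rows[1::2]
    thr, direction = fit_stump(train, feature)
    return accuracy(test, feature, thr, direction)

def run_experiment(seed=7):
    rows = make_dataset(seed=seed)
    # Shuffled-label baseline: same features, labels permuted; a leaking pipeline still scores well.
    labels = [r[2] for r in rows]
    random.Random(seed + 1).shuffle(labels)
    shuffled = [(r[0], r[1], y) for r, y in zip(rows, labels)]
    return {
        "mem_accuracy": evaluate(rows, 1),                  # memory feature: well above chance
        "cpu_accuracy": evaluate(rows, 0),                  # noise feature: near chance
        "shuffled_label_accuracy": evaluate(shuffled, 1),   # leakage check: near chance
    }
```

Comparing the per-feature accuracies plays the role of the abstract's feature-importance ranking: only the memory metric separates the classes, and only on the real labels.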

Room Location: Electrical Engineering Conference Room 315D