Abstract
The widespread of embedded devices in virtually all types of critical applications has rendered them a lucrative target for attackers and evildoers. However, modifying traditional well-known perimeter protection mechanisms such as Intrusion Detection Systems to function in corresponding devices is not a trivial task. The main challenges revolve around Random Access Memory (RAM) memory and processing limitations. Recently, the analysis of electromagnetic emanations has gathered the interest of the research community. Thus, analogous protection systems have emerged as a viable solution for providing external, non-intrusive control-flow attestation for resource-constrained devices. Unfortunately, the majority of current work fails to account for the implications of real-life factors, predominantly the impact of environmental noise. In this work, we introduce a framework that integrates Singular Value Decomposition (SVD) along with outlier detection mechanisms for discovering malicious modifications in the execution of embedded software even under variable conditions of noise. Our proposed framework achieves near-perfect accuracy, i.e., above 99% AUC score of even minimal and unknown code injection attacks in moderately noisy environments, e.g., 0 SNR, and maintains high detection accuracy, i.e., above 93% AUC score for unseen attacks, even under extreme noise conditions, i.e., -10 SNR. To the best of our knowledge, this is the first time this realistic limiting factor, i.e., environmental noise, has been successfully addressed in the context of EM-based anomaly detection for embedded devices.