Towards Scalable Anomaly Detection for Embedded Devices through Synthetic EM Fingerprinting

Embedded devices are omnipresent in modern networks, including those facilitating missioncritical applications. However, due to their constrained nature, novel mechanisms are required to provide external, and non-intrusive defenses. Among such approaches, one that has gained traction is based on analyzing the emanated electromagnetic (EM) signals. Unfortunately, one of the most neglected challenges of this approach is the manual gathering and fingerprinting of the corresponding EM signals. Indeed, even simple programs are comprised of numerous branches, making the fingerprinting stage extremely timeconsuming, and requiring the manual labor of an expert. To address this issue, we propose a framework for generating synthetic EM signals directly from machine code. These subsequent signals can be used to train an anomaly detection system. The advantage of this approach is that it completely removes the need for an elaborate and error-prone fingerprinting stage, thus, increasing the scalability of the protection mechanisms. The experimental evaluations indicate that our method provides above 90% detection accuracy against code injection attacks. Moreover, the proposed methodology inflicts only -1.3% penalty in accuracy for detecting injections of as little as four malicious instructions when compared to the same methods of training on real signals.