Detecting Code Injections in Noisy Environments Through EM Signal Analysis and SVD Denoising
share
The penetration of embedded devices in networks that support critical applications has rendered them a lucrative target for attackers and evildoers. However, traditional protection mechanisms may not be supported due to the memory and computational limitations of these systems. Recently, the analysis of electromagnetic (EM) emanations has gathered the interest of the research community. Thus, analogous protection systems have emerged as a viable solution e.g., for providing external, non-intrusive control-flow attestation for resource-constrained devices. Unfortunately, the majority of current work fails to account for the implications of real-life factors, predominantly the impact of environmental noise. In this work, we introduce a framework that integrates singular value decomposition (SVD) along with outlier detection for discovering malicious modifications of embedded software even under variable conditions of noise. Our proposed framework achieves high detection accuracy i.e., above 93% AUC score for unknown attacks, even for extreme noise conditions i.e., -10 SNR. To the best of our knowledge, this is the first time this realistic limiting factor, i.e., environmental noise, is successfully addressed in the context of EM-based anomaly detection for embedded devices.
READ FULL TEXT