Detecting Code Injections in Noisy Environments Through EM Signal Analysis and SVD Denoising

TL;DR

This paper presents a novel EM signal analysis framework using SVD and outlier detection to identify code injections in embedded devices, effectively handling environmental noise and achieving high detection accuracy.

Contribution

It introduces the first framework that combines SVD and outlier detection to detect malicious code modifications under noisy conditions in EM-based anomaly detection.

Findings

Achieves above 93% AUC score for unknown attacks.

Effectively detects malicious modifications even at -10 SNR noise levels.

Addresses environmental noise as a critical factor in EM-based detection.

Abstract

The penetration of embedded devices in networks that support critical applications has rendered them a lucrative target for attackers and evildoers. However, traditional protection mechanisms may not be supported due to the memory and computational limitations of these systems. Recently, the analysis of electromagnetic (EM) emanations has gathered the interest of the research community. Thus, analogous protection systems have emerged as a viable solution e.g., for providing external, non-intrusive control-flow attestation for resource-constrained devices. Unfortunately, the majority of current work fails to account for the implications of real-life factors, predominantly the impact of environmental noise. In this work, we introduce a framework that integrates singular value decomposition (SVD) along with outlier detection for discovering malicious modifications of embedded software even under variable conditions of noise. Our proposed framework achieves high detection accuracy i.e., above 93\% AUC score for unknown attacks, even for extreme noise conditions i.e., -10 SNR. To the best of our knowledge, this is the first time this realistic limiting factor, i.e., environmental noise, is successfully addressed in the context of EM-based anomaly detection for embedded devices.