ML-Enhanced AES Anomaly Detection for Real-Time Embedded Security

TL;DR

This paper presents a real-time, ML-enhanced anomaly detection framework for AES encryption on embedded hardware, improving security against side-channel and fault attacks with high accuracy and efficiency.

Contribution

It introduces a novel framework combining anomaly injection and ML-based detection for AES, implemented on CPU and FPGA, with superior performance over traditional methods.

Findings

ML detection outperforms threshold-based methods in accuracy

Framework achieves real-time detection on embedded hardware

Effective on both CPU and FPGA platforms

Abstract

Advanced Encryption Standard (AES) is a widely adopted cryptographic algorithm, yet its practical implementations remain susceptible to side-channel and fault injection attacks. In this work, we propose a comprehensive framework that enhances AES-128 encryption security through controlled anomaly injection and real-time anomaly detection using both statistical and machine learning (ML) methods. We simulate timing and fault-based anomalies by injecting execution delays and ciphertext perturbations during encryption, generating labeled datasets for detection model training. Two complementary detection mechanisms are developed: a threshold-based timing anomaly detector and a supervised Random Forest classifier trained on combined timing and ciphertext features. We implement and evaluate the framework on both CPU and FPGA-based SoC hardware (PYNQ-Z1), measuring performance across varying block sizes, injection rates, and core counts. Our results show that ML-based detection significantly outperforms threshold-based methods in precision and recall while maintaining real-time performance on embedded hardware. Compared to existing AES anomaly detection methods, our solution offers a low-cost, real-time, and accurate detection approach deployable on lightweight FPGA platforms.