Toward Improving the Security of IoT and CPS Devices: An AI Approach

Abstract

Detecting anomalously behaving devices in security-and-safety-critical applications is an important challenge. This article presents an off-device methodology for detecting the anomalous behavior of devices considering their power consumption data. The methodology takes advantage of the fact that every action on-board a device will be reflected in its power trace. This argument makes it inevitable for anomalously behaving device to go undetected. We transform the device’s one-dimensional (1D) instantaneous power consumption signals to 2D time–frequency images using Constant Q Transformation (CQT). The CQT images capture valuable information about the tasks performed on-board a device. By applying Histograms of Oriented Gradients (HOG) on the CQT images, we extract robust features that preserve the edges of time–frequency structures and capture the directionality of the edge information. Consequently, we transform the anomaly detection problem into an image classification problem. We train a Convolutional Neural Network on the HOG images to classify the power signals to detect anomaly. We validated the methodology using a wide spectrum of emulated malware scenarios, five real malware applications from the well-known Drebin dataset, Distributed Denial of Service attacks, cryptomining malware, and faulty CPU cores. Across 18 datasets, our methodology demonstrated detection performance of ∼88% accuracy and 85% F-Score, resulting in improvements of 9–17% over other methods using power signals.