Toward Improving the Security of IoT and CPS Devices: An AI Approach

Detecting anomalously behaving devices in security-and-safety-critical applications is an important challenge. This article presents an off-device methodology for detecting the anomalous behavior of devices considering their power consumption data. The methodology takes advantage of the fact that every action on-board a device will be reflected in its power trace. This argument makes it inevitable for anomalously behaving device to go undetected. We transform the device's one-dimensional (1D) instantaneous power consumption signals to 2D time-frequency images using Constant Q Transformation (CQT). The CQT images capture valuable information about the tasks performed on-board a device. By applying Histograms of Oriented Gradients (HOG) on the CQT images, we extract robust features that preserve the edges of time-frequency structures and capture the directionality of the edge information. Consequently, we transform the anomaly detection problem into an image classification problem. We train a Convolutional Neural Network on the HOG images to classify the power signals to detect anomaly. We validated the methodology using a wide spectrum of emulated malware scenarios, five real malware applications from the well-known Drebin dataset, Distributed Denial of Service attacks, cryptomining malware, and faulty CPU cores. Across 18 datasets, our methodology demonstrated detection performance of similar to 88% accuracy and 85% F-Score, resulting in improvements of 9-17% over other methods using power signals.