Anomaly Detection in Embedded Devices Through Hardware Introspection

The growth in the number of embedded devices within society has increased and continues to increase significantly throughout the world. The evolution of cyber-physical systems and their availability on the Internet of Things domain has made it possible to incorporate these devices in systems to provide environmental monitoring and status evaluation. The deployment of these devices requires high levels of security to protect their functionality. This includes detecting any potential impact on the devices' integrity, as it can have a negative impact on its performance, functionality, and security. We propose a Hardware Introspection for Anomaly Detection (HIAD) framework that aims to detect abnormal device behavior through machine learning techniques employing processor-level hardware debugging capabilities. Through the JTAG (Joint Test Action Group) interface found in embedded devices, we can extract memory traces and utilize the extracted data to form image representations to train machine learning and deep learning models to detect anomalous execution. HIAD is a powerful tool that can monitor a bare-metal program's execution while minimally impacting performance, and yielding effective identification of execution variations.