Embedded devices are omnipresent in modern networks, including those operating inside critical environments. However, due to their constrained nature, novel mechanisms are required to provide external and non-intrusive anomaly detection. Among such approaches, one that has gained traction is based on the analysis of the electromagnetic (EM) signals that are emanated during a device's operation. However, one of the most neglected challenges of this approach is the requirement for manually gathering and fingerprinting the signals that correspond to each execution path of the software/firmware. Indeed, even simple programs comprise hundreds if not thousands of branches, making the fingerprinting stage an extremely time-consuming process that involves the manual labor of a human specialist. To address this issue, we propose a framework for generating synthetic EM signals directly from the machine code. The synthetic signals can be used to train a Machine Learning (ML) based system for anomaly detection. The main advantage of the proposed approach is that it completely removes the need for an elaborate and error-prone fingerprinting stage, thus dramatically increasing the scalability of the corresponding protection mechanisms. The experimental evaluations indicate that our method provides high detection accuracy (above 90% AUC score) when employed for the detection of injection attacks. Moreover, the proposed methodology incurs only a small penalty (-1.3%) in accuracy for the detection of the injection of as few as four malicious instructions, compared to the same methods trained on real signals.