Real-time Instruction-Level Anomaly Detection for Embedded Applications using AI

Item request has been placed!

Item request cannot be made.

Processing Request

Read More Add to Saved list

Author(s): Nasser, Yehya; Mezaouli, Mohammed; Saoudi, Samir; Pahl, Marc-Oliver
Source:
Workshop on Management of Complex Threats In conjunction with IEEE/IFIP Network Operations and Management Symposium - NOMS 2026 ; https://imt-atlantique.hal.science/hal-05543603 ; Workshop on Management of Complex Threats In conjunction with IEEE/IFIP Network Operations and Management Symposium - NOMS 2026, IEEE/IFIP Network Operations and Management Symposium - NOMS 2026, May 2026, Rome, Italy
Subject Terms:
Embedded; Microarchitecture; Vulnerability; Instruction; ARM; ARM Instruction Vulnerability Microarchitecture Embedded; [INFO.INFO-ES]Computer Science [cs]/Embedded Systems
Document Type:
conference object
Language:
English

Additional Information
- Contributors:
  Département Mathematical and Electrical Engineering (IMT Atlantique - MEE); IMT Atlantique (IMT Atlantique); Institut Mines-Télécom Paris (IMT)-Institut Mines-Télécom Paris (IMT); Equipe Algorithm Architecture Interactions (Lab-STICC_2AI); Laboratoire des sciences et techniques de l'information, de la communication et de la connaissance (Lab-STICC); École Nationale d'Ingénieurs de Brest (ENIB); Université de Brest (UBO EPE)-Institut National Polytechnique de Bretagne (Bretagne INP)-Université de Brest (UBO EPE)-Institut National Polytechnique de Bretagne (Bretagne INP)-Université de Bretagne Sud (UBS)-Centre National de la Recherche Scientifique (CNRS)-IMT Atlantique (IMT Atlantique); Institut Mines-Télécom Paris (IMT)-Institut Mines-Télécom Paris (IMT)-École Nationale Supérieure de Techniques Avancées (ENSTA); Institut Polytechnique de Paris (IP Paris)-Institut Polytechnique de Paris (IP Paris)-École Nationale d'Ingénieurs de Brest (ENIB); Institut Polytechnique de Paris (IP Paris)-Institut Polytechnique de Paris (IP Paris); Equipe Communication System Design (Lab-STICC_COSYDE); Département Systèmes Réseaux, Cybersécurité et Droit du numérique (IMT Atlantique - SRCD); Technische Universität Munchen = Technical University Munich = Université Technique de Munich (TUM); IEEE/IFIP Network Operations and Management Symposium - NOMS 2026
- Publication Information:
  CCSD
- Publication Date:
  2026
- Collection:
  Archives ouvertes Hal IMT Atlantique
- Subject Terms:
  Rome; Italy
- Abstract:
  International audience ; Bare-metal embedded systems, such as ARM Cortex-M4-based devices, are vulnerable to attacks such as buffer overflows due to the lack of operating system protection. This paper presents a novel approach for detecting standard C library functions -such as memcpy, memset, strncat-that are susceptible to such vulnerabilities by analyzing micro-architectural instruction traces. We propose machine learning pipelines, including CNN-, LSTM-, and autoencoder-based detectors. Our approach uses data pre-processing techniques, such as sliding windows with varying stride are employed to optimize classification accuracy. Evaluating the algorithm with 25 custom workloads simulating common weaknesses (e.g., CWE-120, CWE-126) shows 93.89% TPR, 73.19% TNR, 26.81% FPR, and 6.11% FNR. This work advances IoT security by enabling online and real-time vulnerable function identification supporting zero-day attack detection. This goes beyond existing techniques targeting only higher-level platforms.
- Online Access:
  https://imt-atlantique.hal.science/hal-05543603
  https://imt-atlantique.hal.science/hal-05543603v1/document
  https://imt-atlantique.hal.science/hal-05543603v1/file/Noms_2026_MEZAOULI.pdf
- Rights:
  https://creativecommons.org/licenses/by-nd/4.0/ ; info:eu-repo/semantics/OpenAccess
- Accession Number:
  edsbas.385D480B

Comments

No Comments.

Real-time Instruction-Level Anomaly Detection for Embedded Applications using AI

Contact

Follow us