Embedded System Anomaly Detection via Boot Power Trace Analysis

Abstract

Embedded systems play a crucial role in safety-critical domains, and it is essential to maintain their integrity. This thesis presents a robust framework for detecting hardware and firmware anomalies in embedded systems through boot-phase power consumption analysis. The proposed Sliding Window Anomaly Detection (SWAD) method establishes a nominal boot power profile and compares new boot traces against this baseline using sliding windows. By analyzing localized power dynamics, SWAD detects deviations caused by hardware or firmware modifications while accommodating natural variations in power behaviour. Experimental validation on single-board computers and flight controllers demonstrates the method’s effectiveness in identifying diverse hardware and firmware attacks, achieving overall F1 scores of 98\%, 96\%, and 85\% across three systems used in the case studies. These results highlight the promising role of power side-channel analysis in enhancing security in complex embedded systems.