Machine-Learning Based Anomaly and Intrusion Detection for Microcontrollers

Oct 21 2024

ADI provides a variety of security solutions such as the Trusted Edge Security Architecture that provides a root of trust on device, acting as an anchor for mechanisms such as secure boot and updates. These mechanisms can be referred to as static security, providing a one time verification, between device resets, of device state (software and hardware) before execution is allowed to proceed. However, a variety of applications necessitate long reset cycles, where the microcontroller may not be allowed to reset/reboot for long periods of time. With increasing communication with the outside world, especially when such microcontroller platforms are applied to IoT devices, these devices may have unchecked vulnerabilities that may be exploited remotely by an attacker at any time. Governing bodies and policy makers have begun identifying such issues, and have begun issuing guidance to detect and mitigate such attacks as they occur during device runtime. For example, one of the core tenets of the FDA guidance for modern security posture for devices is to include the ability to detect anomalous events, log them, and attempt to defend against them as they occur.

ADI presents a machine learning technique called AnCyR, developed with our partners at BG networks, that models the correct operation of an application running on our microcontroller. This model is designed to work as part of the Zephyr RTOS requiring minimal configuration by the application developer. Once configured, AnCyR can execute independently of the application and monitor its behavior. Anomalous events are logged and sent over to be displayed on an online dashboard.

Machine-Learning Based Anomaly and Intrusion Detection for Microcontrollers

Oct 21 2024

ADI provides a variety of security solutions such as the Trusted Edge Security Architecture that provides a root of trust on device, acting as an anchor for mechanisms such as secure boot and updates. These mechanisms can be referred to as static security, providing a one time verification, between device resets, of device state (software and hardware) before execution is allowed to proceed. However, a variety of applications necessitate long reset cycles, where the microcontroller may not be allowed to reset/reboot for long periods of time. With increasing communication with the outside world, especially when such microcontroller platforms are applied to IoT devices, these devices may have unchecked vulnerabilities that may be exploited remotely by an attacker at any time. Governing bodies and policy makers have begun identifying such issues, and have begun issuing guidance to detect and mitigate such attacks as they occur during device runtime. For example, one of the core tenets of the FDA guidance for modern security posture for devices is to include the ability to detect anomalous events, log them, and attempt to defend against them as they occur.

ADI presents a machine learning technique called AnCyR, developed with our partners at BG networks, that models the correct operation of an application running on our microcontroller. This model is designed to work as part of the Zephyr RTOS requiring minimal configuration by the application developer. Once configured, AnCyR can execute independently of the application and monitor its behavior. Anomalous events are logged and sent over to be displayed on an online dashboard.