English

ML-Enhanced AES Anomaly Detection for Real-Time Embedded Security

Cryptography and Security 2025-07-08 v1

Abstract

Advanced Encryption Standard (AES) is a widely adopted cryptographic algorithm, yet its practical implementations remain susceptible to side-channel and fault injection attacks. In this work, we propose a comprehensive framework that enhances AES-128 encryption security through controlled anomaly injection and real-time anomaly detection using both statistical and machine learning (ML) methods. We simulate timing and fault-based anomalies by injecting execution delays and ciphertext perturbations during encryption, generating labeled datasets for detection model training. Two complementary detection mechanisms are developed: a threshold-based timing anomaly detector and a supervised Random Forest classifier trained on combined timing and ciphertext features. We implement and evaluate the framework on both CPU and FPGA-based SoC hardware (PYNQ-Z1), measuring performance across varying block sizes, injection rates, and core counts. Our results show that ML-based detection significantly outperforms threshold-based methods in precision and recall while maintaining real-time performance on embedded hardware. Compared to existing AES anomaly detection methods, our solution offers a low-cost, real-time, and accurate detection approach deployable on lightweight FPGA platforms.

Keywords

Cite

@article{arxiv.2507.04197,
  title  = {ML-Enhanced AES Anomaly Detection for Real-Time Embedded Security},
  author = {Nishant Chinnasami and Rye Stahle-Smith and Rasha Karakchi},
  journal= {arXiv preprint arXiv:2507.04197},
  year   = {2025}
}
R2 v1 2026-07-01T03:47:59.395Z