A practical side-channel based intrusion detection system for additive manufacturing systems

We propose NSYNC, a practical framework to compare side-channel signals for real-time intrusion detection in Additive Manufacturing (AM) systems. The motivation to develop NSYNC is that we find AM systems are asynchronous in nature and there is random variation in timing in a printing process. Although this random variation, referred to as time noise, is very small compared with the duration of a printing process, it can cause existing Intrusion Detection Systems (IDSs) to fail. To deal with this problem, NSYNC incorporates a dynamic synchronizer to find the timing relationship between two signals. This timing relationship, referred to as the horizontal displacement, can not only be used to mitigate the adverse effect of time noise on calculating the (vertical) distance between signals, but also be used as indicators for intrusion detection. An existing dynamic synchronizer is Dynamic Time Warping (DTW). However, we found in experiments that DTW not only consumes an excessive amount of computational resources but also has limited accuracy for processing side-channel signals. To solve this problem, we propose a novel dynamic synchronizer, called Dynamic Window Matching (DWM), to replace DTW. To compare NSYNC against existing IDSs, we built a data acquisition system that is capable of collecting six different types of side-channel signals and performed a total of 302 benign printing processes and a total of 200 malicious printing processes with two printers. Our experiment results show that existing IDSs leveraging side-channel signals in AM systems can only achieve an accuracy from 0.50 to 0.88, whereas our proposed NSYNC can reach an accuracy of 0.99.