Detection of Cyber Attacks in CyberPhysical Systems Through Energy Consumption Analysis
Tommaso Ottali;Pericle Perazzo;Alessio Vecchio
2025-01-01
Abstract
We explored a novel approach to detecting cyberattacks in IoT devices by analyzing their energy consumption, instead of relying on traffic inspection or system logs. The central idea is that every action a device performs—whether legitimate or malicious—leaves behind a unique energy footprint. By continuously tracking the current draw of a device and comparing it across different activities, the goal is to understand whether behaviors that deviate from the norm can be detected. The experiments were conducted using a Raspberry Pi 3B+ powered and monitored by an Otii Arc Pro, which recorded power consumption at high resolution. Six activities were tested: five legitimate (HTTP requests with curl, software updates with APT, file transfers via SCP, and streaming audio/video using ffmpeg) and one malicious (an aggressive Nmap scan simulating an attacker’s exploration activity). The data collected was segmented into 1-second intervals, and statistical features such as mean, standard deviation, kurtosis, skewness, minimum, maximum, and median were extracted from each window. These features were used to train various machine learning classifiers, with Neural Networks achieving good accuracy in detecting the malicious activity. Other models like ensemble trees and SVMs also performed well, confirming the robustness of the method. The results show that Nmap scanning, the malicious activity, produces a distinct and recognizable energy signature, allowing it to be reliably identified among typical IoT behaviors.
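
The windowing and feature-extraction step described in the abstract, as an added example that is not the authors' code: it splits a current trace into 1-second windows and computes the seven listed statistics for each. The sampling rate, the function names and the synthetic trace are assumptions made for illustration.

```python
import math
import statistics

SAMPLE_RATE_HZ = 1000  # assumed; the abstract only says "high resolution"
WINDOW_SECONDS = 1     # window length stated in the abstract


def window_features(samples):
    """Return the seven statistical features named in the abstract for one window."""
    n = len(samples)
    mean = statistics.fmean(samples)
    # Population central moments, used for std, skewness and kurtosis.
    m2 = sum((x - mean) ** 2 for x in samples) / n
    m3 = sum((x - mean) ** 3 for x in samples) / n
    m4 = sum((x - mean) ** 4 for x in samples) / n
    flat = m2 < 1e-24  # (near-)constant window: higher moments are undefined
    return {
        "mean": mean,
        "std": math.sqrt(m2),
        "skewness": 0.0 if flat else m3 / m2 ** 1.5,
        "kurtosis": 0.0 if flat else m4 / m2 ** 2,  # non-excess; 3.0 for a Gaussian
        "min": min(samples),
        "max": max(samples),
        "median": statistics.median(samples),
    }


def extract_features(trace, rate_hz=SAMPLE_RATE_HZ, window_s=WINDOW_SECONDS):
    """Split a trace into non-overlapping windows; a trailing partial window is dropped."""
    size = int(rate_hz * window_s)
    if size <= 0:
        raise ValueError("window must contain at least one sample")
    return [window_features(trace[i:i + size])
            for i in range(0, len(trace) - size + 1, size)]


def constructed_trace():
    """Constructed sample data (amperes): 1 s smooth idle, 1 s bursty load, 0.3 s partial."""
    idle = [0.40 + 0.01 * math.sin(i / 10) for i in range(SAMPLE_RATE_HZ)]
    bursty = [0.40 + (0.30 if i % 50 < 5 else 0.0) for i in range(SAMPLE_RATE_HZ)]
    return idle + bursty + [0.40] * 300


if __name__ == "__main__":
    for n, feats in enumerate(extract_features(constructed_trace())):
        print(n, {k: round(v, 4) for k, v in feats.items()})
```

Each returned dictionary is one feature row for a classifier; in the constructed trace the bursty window differs from the idle one mainly in standard deviation, skewness and kurtosis rather than in mean.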


