Multi-Layer Telemetry Correlation(MLC): A New Approach to Runtime Integrity Verification for Edge AI Systems

31 May, 2026

Can an AI Device Tell When It's Been Hacked? Most cybersecurity tools rely on software to monitor software.

But what happens if the software itself has been compromised?

That question led me to explore a different approach: instead of trusting software, can we detect attacks by watching how a machine physically behaves while it works?

This idea became the basis of my research paper:

Passive Runtime Integrity Verification for Edge AI Systems via Multi-Layer Telemetry Correlation (MLC).

The Problem

Edge AI devices are everywhere:

• Smart cameras
• Drones
• Industrial inspection systems
• Traffic monitoring systems
• IoT gateways

Unlike cloud servers, these devices often operate:

• with limited connectivity
• in physically exposed environments
• with constrained hardware resources

Traditional security solutions assume constant connectivity and heavyweight monitoring software. Edge devices frequently cannot support those assumptions.

Even worse, sophisticated attacks can hide below the operating system itself. Firmware implants and kernel-level malware can remain invisible to conventional security tools.

So I asked:

Can a device detect compromise by observing its own behavior?

Looking at the Machine Instead of the Software

Every workload leaves traces.

When a device works harder:

• CPU activity changes
• GPU utilization rises
• Power consumption increases
• Temperature climbs
• Memory traffic shifts

Individually, these signals are noisy.

Together, they tell a story.

The key idea behind MLC is simple:

It is much harder for an attacker to keep many signals looking normal simultaneously than to hide within a single signal.

The MLC Approach

MLC monitors eight telemetry channels:

• CPU frequency
• GPU utilization
• Temperature
• Inference latency
• Power consumption
• Memory bandwidth
• Context-switch activity
• Network traffic

During a known-good calibration phase, the system learns how these signals behave under legitimate operating conditions.

Later, it continuously computes a trust score.

If the current behavior no longer resembles any healthy operating mode, the score increases and an alert can be raised.

The Core Equation

The entire detector is built around a surprisingly compact scoring function:

meta_image: [https://miro.medium.com/v2/resize:fit:1400/format:webp/1*3fX62Xd-PRKobt4yB9F5kg.png]

The score has two components.

1. Individual Deviations

The first term measures how unusual each telemetry channel is compared to normal operation.

If temperature, power, or memory usage suddenly moves outside its normal range, the score increases.

2. Correlation Deviations

This is the more interesting part.

In a healthy device, telemetry channels move together in predictable ways.

For example:

• High GPU usage often means higher power consumption.
• More computation usually generates more heat.
• Increased workload often increases memory activity.

The second term checks whether those relationships still make sense.

Even if every channel individually looks normal, the overall pattern may reveal something suspicious.

Testing the Idea

This work is currently a feasibility study.

Rather than using real hardware, I created a simulation calibrated using published operational characteristics of NVIDIA Jetson devices.

I evaluated four attack classes:

1. Cryptomining
2. Hidden AI inference
3. Beacon malware
4. Firmware-level anomalies

Results

The results were encouraging.

Cryptomining

MLC achieved an AUC of:

0.957

compared to:

0.944 for Isolation Forest.

This suggests that multi-channel behavioral analysis is particularly effective when an attack affects many parts of the system simultaneously.

meta_image:[https://miro.medium.com/v2/resize:fit:1400/format:webp/1*B4ncw7dcfHVCWutvuQTfeQ.png]

Hidden Inference

The results were competitive, although Isolation Forest performed slightly better.

This highlights an important limitation:

Different attacks create different telemetry signatures.

No single detector dominates every scenario.

Beacon Malware

This was the most interesting result.

All detectors performed poorly.

Why?

Because beacon malware primarily affects network activity, and network traffic naturally varies significantly during normal operation.

A small beacon can disappear inside that noise.

This finding reinforces an important lesson:

Telemetry-based security is powerful, but it is not magic.

What I Learned

Three key lessons emerged from this work.

Multi-channel analysis matters

Watching many signals together provides more information than analyzing each independently.

Correlation is valuable

The relationship between signals often contains more information than the signals themselves.

Honest limitations matter

Beacon-style attacks remain difficult to detect using telemetry alone and will likely require complementary approaches.

What's Next?

The next stage is hardware validation.

Future work includes:

• NVIDIA Jetson testing
• Raspberry Pi testing
• Real cryptomining workloads
• Covert inference experiments
• Long-term telemetry collection
• Adversarial telemetry shaping

Final Thoughts

Modern AI systems increasingly operate outside traditional data centers.

As they become more autonomous, security mechanisms must evolve beyond software-only assumptions.

This work explores a simple idea:

A compromised machine may reveal itself through the way it behaves.

If that idea proves true on real hardware, telemetry could become an important new layer of runtime integrity verification for Edge AI systems.

Research Paper

Passive Runtime Integrity Verification for Edge AI Systems via Multi-Layer Telemetry Correlation: A Feasibility Study

DOI: [Singh, A. (2026). Passive Runtime Integrity Verification for Edge AI Systems via Multi-Layer Telemetry Correlation: A Feasibility Study (Version v1). Zenodo.https://doi.org/10.5281/zenodo.20399963]