MACPruning: Dynamic Operation Pruning to Mitigate Side-Channel DNN Model Extraction

📅 2025-02-20
🤖 AI Summary
Edge IoT devices face security threats from Differential Electromagnetic Analysis (DEMA) attacks, which exploit electromagnetic (EM) side-channel emissions to extract sensitive DNN model parameters during inference. To address this, we propose a lightweight dynamic MAC pruning defense mechanism. During inference, it dynamically masks input pixels based on an importance-aware pixel map and prunes the corresponding multiply-accumulate (MAC) operations in real time, thereby disrupting the temporal correlation between EM leakage and model weights. Our key contribution is the first dynamic operation pruning strategy explicitly designed for DNN execution characteristics: it achieves negligible accuracy degradation (<0.5%) while significantly suppressing EM side-channel leakage intensity. The method incurs negligible computational overhead and has been validated across multiple mainstream edge-deployed DNN models and benchmark datasets.

📝 Abstract
As deep learning gains popularity, edge IoT devices have seen proliferating deployment of pre-trained Deep Neural Network (DNN) models. These DNNs represent valuable intellectual property and face significant confidentiality threats from side-channel analysis (SCA), particularly non-invasive Differential Electromagnetic (EM) Analysis (DEMA), which retrieves individual model parameters from EM traces collected during model inference. Traditional SCA mitigation methods, such as masking and shuffling, can still be applied to DNN inference, but will incur significant performance degradation due to the large volume of operations and parameters. Based on the insight that DNN models have high redundancy and are robust to input variation, we introduce MACPruning, a novel lightweight defense against DEMA-based parameter extraction attacks, exploiting specific characteristics of DNN execution. The design principle of MACPruning is to randomly deactivate input pixels and prune the operations (typically multiply-accumulate, MAC) on those pixels. The technique removes certain leakages and overall redistributes weight-dependent EM leakages temporally, and thus effectively mitigates DEMA. To maintain DNN performance, we propose an importance-aware pixel map that preserves critical input pixels, keeping randomness in the defense while minimizing its impact on DNN performance due to operation pruning. We conduct a comprehensive security analysis of MACPruning on various datasets for DNNs on edge devices. Our evaluations demonstrate that MACPruning effectively reduces EM leakages with minimal impact on the model accuracy and negligible computational overhead.
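
The temporal redistribution described in the abstract can be seen in a simplified model of one neuron's MAC loop. This is an added example, not the paper's implementation: the keep probability, the `important` pixel set, the input size and the constructed weights are all assumptions. It counts the time slot in which a given pixel's MAC executes across many inferences, which is the alignment a DEMA trace set depends on.

```python
import random

def pruned_dot(pixels, weights, important, keep_prob, rng):
    """One neuron's dot product with per-inference random MAC pruning.

    Pixels in `important` are always processed; every other pixel is kept
    with probability keep_prob. Returns (accumulator, schedule), where
    schedule[t] is the pixel index whose MAC executed in time slot t.
    """
    acc, schedule = 0.0, []
    for i, (x, w) in enumerate(zip(pixels, weights)):
        if i in important or rng.random() < keep_prob:
            acc += x * w          # the weight-dependent operation that leaks
            schedule.append(i)    # a pruned pixel consumes no MAC slot
    return acc, schedule

def slot_histogram(target, important, keep_prob, n_pixels=32, runs=2000, seed=1):
    """Count the time slot in which pixel `target`'s MAC runs across inferences.

    The key None counts inferences in which that MAC was pruned entirely.
    """
    rng = random.Random(seed)
    pixels = [rng.random() for _ in range(n_pixels)]         # constructed input
    weights = [rng.uniform(-1, 1) for _ in range(n_pixels)]  # constructed weights
    hist = {}
    for _ in range(runs):
        _, schedule = pruned_dot(pixels, weights, important, keep_prob, rng)
        slot = schedule.index(target) if target in schedule else None
        hist[slot] = hist.get(slot, 0) + 1
    return hist

if __name__ == "__main__":
    # Without pruning the MAC for pixel 10 always sits in slot 10.
    print("no pruning  :", slot_histogram(10, set(), 1.0))
    # With pruning it is either absent (None) or spread over earlier slots.
    print("random prune:", slot_histogram(10, set(), 0.5))
    # An importance-protected pixel is never pruned, but its slot still moves.
    print("important px:", slot_histogram(10, {10}, 0.5))
```

In this model an importance-protected pixel keeps its MAC in every inference, yet its position in time still varies because the pixels ahead of it are pruned at random.
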
Problem

Research questions and friction points this paper is trying to address.

Mitigate DNN model extraction via side-channel analysis
Dynamic operation pruning to reduce EM leakages
Maintain DNN performance with minimal accuracy impact
Innovation

Methods, ideas, or system contributions that make the work stand out.

Dynamic operation pruning technique
Randomly deactivates input pixels
Importance-aware pixel map preserves accuracy