The University of Southampton
×
Filter your search:
University of Southampton Institutional Repository

Early detection of system-level anomalous behaviour using hardware performance counters

Early detection of system-level anomalous behaviour using hardware performance counters
Early detection of system-level anomalous behaviour using hardware performance counters

Embedded systems suffer from reliability issues such as variations in temperature and voltage, single event effects and component degradation, as well as being exposed to various security attacks such as control hijacking, malware, reverse engineering, eavesdropping and many others. Both reliability problems and security attacks can cause the system to behave anomalously. In this paper, we will present a detection technique that is able to detect a change in the system before the system encounters a failure, by using data from Hardware Performance Counters (HPCs). Previously, we have shown how HPC data can be used to create an execution profile of a system based on measured events and any deviation from this profile indicates an anomaly has occurred in the system. The first step in developing a detector is to analyse the HPC data and extract the features from the collected data to build a forecasting model. Anomalies are assumed to happen if the observed value falls outside a given confidence interval, which is calculated based on the forecast values and prediction confidence. The detector is designed to provide a warning to the user if anomalies that are detected occur consecutively for a certain number of times. We evaluate our detection algorithm on benchmarks that are affected by single bit flip faults. Our initial results show that the detection algorithm is suitable for use for this kind of univariate time series data and is able to correctly identify anomalous data from normal data.

485-490
IEEE
Woo, Lai Leng
ee042648-77bc-4b5d-979e-a44b302a7ad9
Zwolinski, Mark
adfcb8e7-877f-4bd7-9b55-7553b6cb3ea0
Halak, Basel
8221f839-0dfd-4f81-9865-37def5f79f33
Woo, Lai Leng
ee042648-77bc-4b5d-979e-a44b302a7ad9
Zwolinski, Mark
adfcb8e7-877f-4bd7-9b55-7553b6cb3ea0
Halak, Basel
8221f839-0dfd-4f81-9865-37def5f79f33

Woo, Lai Leng, Zwolinski, Mark and Halak, Basel (2018) Early detection of system-level anomalous behaviour using hardware performance counters. In 2018 Design, Automation & Test in Europe Conference & Exhibition (DATE). vol. 2018-January, IEEE. pp. 485-490 . (doi:10.23919/DATE.2018.8342057).

Record type: Conference or Workshop Item (Paper)

Abstract

Embedded systems suffer from reliability issues such as variations in temperature and voltage, single event effects and component degradation, as well as being exposed to various security attacks such as control hijacking, malware, reverse engineering, eavesdropping and many others. Both reliability problems and security attacks can cause the system to behave anomalously. In this paper, we will present a detection technique that is able to detect a change in the system before the system encounters a failure, by using data from Hardware Performance Counters (HPCs). Previously, we have shown how HPC data can be used to create an execution profile of a system based on measured events and any deviation from this profile indicates an anomaly has occurred in the system. The first step in developing a detector is to analyse the HPC data and extract the features from the collected data to build a forecasting model. Anomalies are assumed to happen if the observed value falls outside a given confidence interval, which is calculated based on the forecast values and prediction confidence. The detector is designed to provide a warning to the user if anomalies that are detected occur consecutively for a certain number of times. We evaluate our detection algorithm on benchmarks that are affected by single bit flip faults. Our initial results show that the detection algorithm is suitable for use for this kind of univariate time series data and is able to correctly identify anomalous data from normal data.

This record has no associated files available for download.

More information

e-pub ahead of print date: 19 April 2018
Venue - Dates: 2018 Design, Automation and Test in Europe Conference and Exhibition, , Dresden, Germany, 2018-03-19 - 2018-03-23
Learn more about Sustainable Electronic Technologies research Learn more about Electronics & Computer Science research

Identifiers

Local EPrints ID: 421889
URI: http://eprints.soton.ac.uk/id/eprint/421889
DOI: doi:10.23919/DATE.2018.8342057
PURE UUID: 9c584d53-f063-4374-beaf-d2346b891602
ORCID for Lai Leng Woo: ORCID iD orcid.org/0000-0003-3313-6177
ORCID for Mark Zwolinski: ORCID iD orcid.org/0000-0002-2230-625X
ORCID for Basel Halak: ORCID iD orcid.org/0000-0003-3470-7226

Catalogue record

Date deposited: 06 Jul 2018 16:30
Last modified: 16 Mar 2024 04:07

Export record

Altmetrics

Contributors

Author: Lai Leng Woo ORCID iD
Author: Mark Zwolinski ORCID iD
Author: Basel Halak ORCID iD

Download statistics

Downloads from ePrints over the past year. Other digital versions may also be available to download e.g. from the publisher's website.

View more statistics

Library staff additional information
Atom RSS 1.0 RSS 2.0

Contact ePrints Soton: eprints@soton.ac.uk

ePrints Soton supports OAI 2.0 with a base URL of http://eprints.soton.ac.uk/cgi/oai2

This repository has been built using EPrints software, developed at the University of Southampton, but available to everyone to use.

We use cookies to ensure that we give you the best experience on our website. If you continue without changing your settings, we will assume that you are happy to receive cookies on the University of Southampton website.

×