Exploring ICMetrics to detect abnormal program behaviour on embedded devices
Execution of unknown or malicious software on an embedded system may trigger harmful system behaviour targeted at stealing sensitive data and/or causing damage to the system. It is thus considered a potential and significant threat to the security of embedded systems. Generally, the resource-constrained nature of commercial off-the-shelf (COTS) embedded devices, such as embedded medical equipment, does not allow computationally expensive protection solutions to be deployed on these devices, rendering them vulnerable. Self-Organising Map (SOM) based and Fuzzy C-means based approaches are proposed in this paper for detecting abnormal program behaviour to boost embedded system security. The presented technique extracts features derived from the processor's Program Counter (PC) and Cycles per Instruction (CPI), and then utilises the features to identify abnormal behaviour using the SOM. Results achieved in our experiment show that the proposed SOM based and Fuzzy C-means based methods can identify unknown program behaviours not included in the training set with 90.9% and 98.7% accuracy.
Embedded system security, Abnormal behaviour detection, Intrusion detection, Self-Organising Map
567-575
Zhai, Xiaojun
Appiah, Kofi
Ehsan, Shoaib
Howells, Gareth
Hu, Huosheng
Gu, Dongbing
McDonald-Maier, Klaus
November 2015
Zhai, Xiaojun, Appiah, Kofi, Ehsan, Shoaib, Howells, Gareth, Hu, Huosheng, Gu, Dongbing and McDonald-Maier, Klaus (2015) Exploring ICMetrics to detect abnormal program behaviour on embedded devices. Journal of Systems Architecture, 61 (10), 567-575. (doi:10.1016/j.sysarc.2015.07.007).
This record has no associated files available for download.
More information
e-pub ahead of print date: 14 July 2015
Published date: November 2015
Identifiers
Local EPrints ID: 473381
URI: http://eprints.soton.ac.uk/id/eprint/473381
ISSN: 1383-7621
PURE UUID: 357ddd8b-405d-4726-869d-7809d6b54fce
Catalogue record
Date deposited: 17 Jan 2023 17:37
Last modified: 17 Mar 2024 04:16
Contributors
Author: Xiaojun Zhai
Author: Kofi Appiah
Author: Shoaib Ehsan
Author: Gareth Howells
Author: Huosheng Hu
Author: Dongbing Gu
Author: Klaus McDonald-Maier