The University of Southampton
University of Southampton Institutional Repository

A Method for detecting abnormal program behavior on embedded devices

Zhai, Xiaojun, Appiah, Kofi, Ehsan, Shoaib, Howells, Gareth, Hu, Huosheng, Gu, Dongbing and McDonald-Maier, Klaus D. (2015) A Method for detecting abnormal program behavior on embedded devices. IEEE Transactions on Information Forensics and Security, 10 (8), 1692-1704. (doi:10.1109/TIFS.2015.2422674).

Record type: Article

Abstract

A potential threat to embedded systems is the execution of unknown or malicious software capable of triggering harmful system behavior, aimed at theft of sensitive data or causing damage to the system. Commercial off-the-shelf embedded devices, such as embedded medical equipment, are more vulnerable as these types of products cannot be amended conventionally or have limited resources to implement protection mechanisms. In this paper, we present a self-organizing map (SOM)-based approach to enhance embedded system security by detecting abnormal program behavior. The proposed method extracts features derived from the processor's program counter and cycles per instruction, and then utilises the features to identify abnormal behavior using the SOM. Results achieved in our experiment show that the proposed method can identify unknown program behaviors not included in the training set with over 98.4% accuracy.

This record has no associated files available for download.

More information

Published date: August 2015
Keywords: Embedded system security, abnormal behaviour detection, intrusion detection, self-organising map

Identifiers

Local EPrints ID: 473385
URI: http://eprints.soton.ac.uk/id/eprint/473385
ISSN: 1556-6013
PURE UUID: 848ab907-2563-4a68-b800-59d526284ee2
ORCID for Shoaib Ehsan: orcid.org/0000-0001-9631-1898

Catalogue record

Date deposited: 17 Jan 2023 17:37
Last modified: 17 Mar 2024 04:16

Contributors

Author: Xiaojun Zhai
Author: Kofi Appiah
Author: Shoaib Ehsan
Author: Gareth Howells
Author: Huosheng Hu
Author: Dongbing Gu
Author: Klaus D. McDonald-Maier
