A method for detecting abnormal program behavior on embedded devices

ZHAI, Xiaojun, APPIAH, Kofi, EHSAN, Shoaib, HOWELLS, Gareth, HU, Huosheng, GU, Dongbing and MCDONALD-MAIER, Klaus D. (2015). A method for detecting abnormal program behavior on embedded devices. IEEE Transactions on Information Forensics and Security, 10 (8), 1692-1704.

Appiah-methodFoDetectngAbnorma(VoR).pdf - Published Version
All rights reserved.

Official URL: http://ieeexplore.ieee.org/document/7084637/?reloa...
Link to published version: https://doi.org/10.1109/TIFS.2015.2422674

    Abstract

    A potential threat to embedded systems is the execution of unknown or malicious software capable of triggering harmful system behavior, aimed at theft of sensitive data or causing damage to the system. Commercial off-the-shelf embedded devices, such as embedded medical equipment, are more vulnerable as these types of products cannot be amended conventionally or have limited resources to implement protection mechanisms. In this paper, we present a self-organizing map (SOM)-based approach to enhance embedded system security by detecting abnormal program behavior. The proposed method extracts features derived from processor's program counter and cycles per instruction, and then utilises the features to identify abnormal behavior using the SOM. Results achieved in our experiment show that the proposed method can identify unknown program behaviors not included in the training set with over 98.4% accuracy.

    Item Type: Article
    Uncontrolled Keywords: embedded systems;security of data;self-organising feature maps;SOM;abnormal program behavior detection;commercial off-the-shelf embedded devices;embedded system security;malicious software;program counter;self-organizing map based approach;Complexity theory;Computer architecture;Embedded systems;Feature extraction;Hardware;Security;Embedded system security;Self-Organising Map;abnormal behaviour detection;intrusion detection;self-organising map
    Research Institute, Centre or Group - Does NOT include content added after October 2018: Cultural Communication and Computing Research Institute > Communication and Computing Research Centre
    Identification Number: https://doi.org/10.1109/TIFS.2015.2422674
    Page Range: 1692-1704
    Depositing User: Kofi Appiah
    Date Deposited: 17 Jan 2018 14:03
    Last Modified: 27 Jan 2018 22:06
    URI: http://shura.shu.ac.uk/id/eprint/18387
