A method for detecting abnormal program behavior on embedded devices

ZHAI, Xiaojun, APPIAH, Kofi, EHSAN, Shoaib, HOWELLS, Gareth, HU, Huosheng, GU, Dongbing and MCDONALD-MAIER, Klaus D. (2015). A method for detecting abnormal program behavior on embedded devices. IEEE Transactions on Information Forensics and Security, 10 (8), 1692-1704. [Article]

Documents
18387:350274
[thumbnail of Appiah-methodFoDetectngAbnorma(VoR).pdf]
Preview
PDF
Appiah-methodFoDetectngAbnorma(VoR).pdf - Published Version
Available under License All rights reserved.

Download (2MB) | Preview
Abstract
A potential threat to embedded systems is the execution of unknown or malicious software capable of triggering harmful system behavior, aimed at theft of sensitive data or causing damage to the system. Commercial off-the-shelf embedded devices, such as embedded medical equipment, are more vulnerable as these type of products cannot be amended conventionally or have limited resources to implement protection mechanisms. In this paper, we present a self-organizing map (SOM)-based approach to enhance embedded system security by detecting abnormal program behavior. The proposed method extracts features derived from processor's program counter and cycles per instruction, and then utilises the features to identify abnormal behavior using the SOM. Results achieved in our experiment show that the proposed method can identify unknown program behaviors not included in the training set with over 98.4 accuracy.
More Information
Statistics

Downloads

Downloads per month over past year

Metrics

Altmetric Badge

Dimensions Badge

Share
Add to AnyAdd to TwitterAdd to FacebookAdd to LinkedinAdd to PinterestAdd to Email

Actions (login required)

View Item View Item