A method for detecting abnormal program behavior on embedded devices

ZHAI, Xiaojun, APPIAH, Kofi, EHSAN, Shoaib, HOWELLS, Gareth, HU, Huosheng, GU, Dongbing and MCDONALD-MAIER, Klaus D. (2015). A method for detecting abnormal program behavior on embedded devices. IEEE Transactions on Information Forensics and Security, 10 (8), 1692-1704.

[img]
Preview
PDF
Appiah-methodFoDetectngAbnorma(VoR).pdf - Published Version
All rights reserved.

Download (2MB) | Preview
Official URL: http://ieeexplore.ieee.org/document/7084637/?reloa...
Link to published version:: https://doi.org/10.1109/TIFS.2015.2422674

Abstract

A potential threat to embedded systems is the execution of unknown or malicious software capable of triggering harmful system behavior, aimed at theft of sensitive data or causing damage to the system. Commercial off-the-shelf embedded devices, such as embedded medical equipment, are more vulnerable as these type of products cannot be amended conventionally or have limited resources to implement protection mechanisms. In this paper, we present a self-organizing map (SOM)-based approach to enhance embedded system security by detecting abnormal program behavior. The proposed method extracts features derived from processor's program counter and cycles per instruction, and then utilises the features to identify abnormal behavior using the SOM. Results achieved in our experiment show that the proposed method can identify unknown program behaviors not included in the training set with over 98.4 accuracy.

Item Type: Article
Uncontrolled Keywords: embedded systems;security of data;self-organising feature maps;SOM;abnormal program behavior detection;commercial off-the-shelf embedded devices;embedded system security;malicious software;program counter;self-organizing map based approach;Complexity theory;Computer architecture;Embedded systems;Feature extraction;Hardware;Security;Embedded system security;Self-Organising Map;abnormal behaviour detection;intrusion detection;self-organising map
Research Institute, Centre or Group - Does NOT include content added after October 2018: Cultural Communication and Computing Research Institute > Communication and Computing Research Centre
Identification Number: https://doi.org/10.1109/TIFS.2015.2422674
Page Range: 1692-1704
Depositing User: Kofi Appiah
Date Deposited: 17 Jan 2018 14:03
Last Modified: 18 Mar 2021 15:52
URI: https://shura.shu.ac.uk/id/eprint/18387

Actions (login required)

View Item View Item

Downloads

Downloads per month over past year

View more statistics