Hdl Handle:
http://hdl.handle.net/10545/583863
Title:
A method for detecting abnormal program behavior on embedded devices
Authors:
Xiaojun, Zhai ( 0000-0002-1030-8311 ) ; Ehsan, Shoaib; Howells, Gareth; Dongbing, Gu; McDonald-Maier, Klaus; Appiah, Kofi ( 0000-0002-9480-0679 ) ; Hu, Huosheng ( 0000-0001-5797-1412 )
Abstract:
A potential threat to embedded systems is the execution of unknown or malicious software capable of triggering harmful system behavior, aimed at theft of sensitive data or causing damage to the system. Commercial off-the-shelf embedded devices, such as embedded medical equipment, are more vulnerable as these type of products cannot be amended conventionally or have limited resources to implement protection mechanisms. In this paper, we present a self-organizing map (SOM)-based approach to enhance embedded system security by detecting abnormal program behavior. The proposed method extracts features derived from processor's program counter and cycles per instruction, and then utilises the features to identify abnormal behavior using the SOM. Results achieved in our experiment show that the proposed method can identify unknown program behaviors not included in the training set with over 98.4% accuracy.
Affiliation:
University of Leicester; University of Essex; University of Kent; University of Derby
Citation:
Zhai, X, Appiah, K, Ehsan, S, Howells, G, Hu, H, Gu, D, & McDonald-Maier, K (2015), 'A Method for Detecting Abnormal Program Behavior on Embedded Devices', IEEE Transactions On Information Forensics And Security, 10, 8, pp. 1692-1704
Publisher:
IEEE
Journal:
IEEE Transactions on Information Forensics and Security
Issue Date:
13-Apr-2015
URI:
http://hdl.handle.net/10545/583863
DOI:
10.1109/TIFS.2015.2422674
Additional Links:
http://ieeexplore.ieee.org/lpdocs/epic03/wrapper.htm?arnumber=7084637
Type:
Article
Language:
en
Series/Report no.:
INSPEC Accession Number: 15232972; Vol. 10; Issue 8
ISSN:
1556-6013
EISSN:
1556-6021
Sponsors:
IEEE Signal Processing Society
Appears in Collections:
Department of Mechanical Engineering & the Built Environment

Full metadata record

DC FieldValue Language
dc.contributor.authorXiaojun, Zhaien
dc.contributor.authorEhsan, Shoaiben
dc.contributor.authorHowells, Garethen
dc.contributor.authorDongbing, Guen
dc.contributor.authorMcDonald-Maier, Klausen
dc.contributor.authorAppiah, Kofien
dc.contributor.authorHu, Huoshengen
dc.date.accessioned2015-12-14T09:38:06Z-
dc.date.available2015-12-14T09:38:06Zen
dc.date.issued2015-04-13-
dc.identifier.citationZhai, X, Appiah, K, Ehsan, S, Howells, G, Hu, H, Gu, D, & McDonald-Maier, K (2015), 'A Method for Detecting Abnormal Program Behavior on Embedded Devices', IEEE Transactions On Information Forensics And Security, 10, 8, pp. 1692-1704en
dc.identifier.issn1556-6013-
dc.identifier.doi10.1109/TIFS.2015.2422674-
dc.identifier.urihttp://hdl.handle.net/10545/583863-
dc.description.abstractA potential threat to embedded systems is the execution of unknown or malicious software capable of triggering harmful system behavior, aimed at theft of sensitive data or causing damage to the system. Commercial off-the-shelf embedded devices, such as embedded medical equipment, are more vulnerable as these type of products cannot be amended conventionally or have limited resources to implement protection mechanisms. In this paper, we present a self-organizing map (SOM)-based approach to enhance embedded system security by detecting abnormal program behavior. The proposed method extracts features derived from processor's program counter and cycles per instruction, and then utilises the features to identify abnormal behavior using the SOM. Results achieved in our experiment show that the proposed method can identify unknown program behaviors not included in the training set with over 98.4% accuracy.en
dc.description.sponsorshipIEEE Signal Processing Societyen
dc.language.isoenen
dc.publisherIEEEen
dc.relation.ispartofseriesINSPEC Accession Number: 15232972en
dc.relation.ispartofseriesVol. 10en
dc.relation.ispartofseriesIssue 8en
dc.relation.urlhttp://ieeexplore.ieee.org/lpdocs/epic03/wrapper.htm?arnumber=7084637en
dc.rightsArchived with thanks to IEEE Transactions on Information Forensics and Securityen
dc.subjectICMetricsen
dc.subjectEmbedded systemsen
dc.subjectSelf-organising mapen
dc.subjectIntrusion detectionen
dc.titleA method for detecting abnormal program behavior on embedded devicesen
dc.typeArticleen
dc.identifier.eissn1556-6021-
dc.contributor.departmentUniversity of Leicesteren
dc.contributor.departmentUniversity of Essexen
dc.contributor.departmentUniversity of Kenten
dc.contributor.departmentUniversity of Derbyen
dc.identifier.journalIEEE Transactions on Information Forensics and Securityen
All Items in UDORA are protected by copyright, with all rights reserved, unless otherwise indicated.