Hdl Handle:
http://hdl.handle.net/10545/583869
Title:
Exploring ICMetrics to detect abnormal program behaviour on embedded devices
Authors:
Zhai, Xiaojun ( 0000-0002-1030-8311 ) ; Ehsan, Shoaib; Howells, Gareth; Gu, Dongbing; McDonald-Maier, Klaus; Appiah, Kofi ( 0000-0002-9480-0679 ) ; Hu, Huosheng ( 0000-0001-5797-1412 )
Abstract:
Execution of unknown or malicious software on an embedded system may trigger harmful system behaviour targeted at stealing sensitive data and/or causing damage to the system. It is thus considered a potential and significant threat to the security of embedded systems. Generally, the resource constrained nature of commercial off-the-shelf (COTS) embedded devices, such as embedded medical equipment, does not allow computationally expensive protection solutions to be deployed on these devices, rendering them vulnerable. A Self-Organising Map (SOM) based and Fuzzy C-means based approaches are proposed in this paper for detecting abnormal program behaviour to boost embedded system security. The presented technique extracts features derived from processor’s Program Counter (PC) and Cycles per Instruction (CPI), and then utilises the features to identify abnormal behaviour using the SOM. Results achieved in our experiment show that the proposed SOM based and Fuzzy C-means based methods can identify unknown program behaviours not included in the training set with 90.9% and 98.7% accuracy.
Affiliation:
University of Leicester; University of Essex; University of Kent
Citation:
Zhai, X, Appiah, K, Ehsan, S, Howells, G, Hu, H, Gu, D, & McDonald-Maier, K 2015, 'Exploring ICMetrics to detect abnormal program behaviour on embedded devices', Journal Of Systems Architecture, 61, Special section on Architecture of Computing Systems edited by Editors: Wolfgang Karl, Erik Maehle, Kay Romer, Eduardo Tovar, Martin Danek, pp. 567-575
Publisher:
Elsevier
Journal:
Journal of Systems Architecture
Issue Date:
Nov-2015
URI:
http://hdl.handle.net/10545/583869
DOI:
10.1016/j.sysarc.2015.07.007
Additional Links:
http://linkinghub.elsevier.com/retrieve/pii/S1383762115000776
Type:
Article
Language:
en
Series/Report no.:
Vol. 61; Issue 10
ISSN:
13837621
Appears in Collections:
Department of Mechanical Engineering & the Built Environment

Full metadata record

DC FieldValue Language
dc.contributor.authorZhai, Xiaojunen
dc.contributor.authorEhsan, Shoaiben
dc.contributor.authorHowells, Garethen
dc.contributor.authorGu, Dongbingen
dc.contributor.authorMcDonald-Maier, Klausen
dc.contributor.authorAppiah, Kofien
dc.contributor.authorHu, Huoshengen
dc.date.accessioned2015-12-14T11:08:23Z-
dc.date.available2015-12-14T11:08:23Zen
dc.date.issued2015-11-
dc.identifier.citationZhai, X, Appiah, K, Ehsan, S, Howells, G, Hu, H, Gu, D, & McDonald-Maier, K 2015, 'Exploring ICMetrics to detect abnormal program behaviour on embedded devices', Journal Of Systems Architecture, 61, Special section on Architecture of Computing Systems edited by Editors: Wolfgang Karl, Erik Maehle, Kay Romer, Eduardo Tovar, Martin Danek, pp. 567-575en
dc.identifier.issn13837621-
dc.identifier.doi10.1016/j.sysarc.2015.07.007-
dc.identifier.urihttp://hdl.handle.net/10545/583869-
dc.description.abstractExecution of unknown or malicious software on an embedded system may trigger harmful system behaviour targeted at stealing sensitive data and/or causing damage to the system. It is thus considered a potential and significant threat to the security of embedded systems. Generally, the resource constrained nature of commercial off-the-shelf (COTS) embedded devices, such as embedded medical equipment, does not allow computationally expensive protection solutions to be deployed on these devices, rendering them vulnerable. A Self-Organising Map (SOM) based and Fuzzy C-means based approaches are proposed in this paper for detecting abnormal program behaviour to boost embedded system security. The presented technique extracts features derived from processor’s Program Counter (PC) and Cycles per Instruction (CPI), and then utilises the features to identify abnormal behaviour using the SOM. Results achieved in our experiment show that the proposed SOM based and Fuzzy C-means based methods can identify unknown program behaviours not included in the training set with 90.9% and 98.7% accuracy.en
dc.language.isoenen
dc.publisherElsevieren
dc.relation.ispartofseriesVol. 61en
dc.relation.ispartofseriesIssue 10en
dc.relation.urlhttp://linkinghub.elsevier.com/retrieve/pii/S1383762115000776en
dc.rightsArchived with thanks to Journal of Systems Architectureen
dc.subjectICMetricsen
dc.subjectEmbedded systemsen
dc.subjectAbnormal behaviour detectionen
dc.subjectIntrusion detectionen
dc.subjectSelf-organising mapen
dc.titleExploring ICMetrics to detect abnormal program behaviour on embedded devicesen
dc.typeArticleen
dc.contributor.departmentUniversity of Leicesteren
dc.contributor.departmentUniversity of Essexen
dc.contributor.departmentUniversity of Kenten
dc.identifier.journalJournal of Systems Architectureen
All Items in UDORA are protected by copyright, with all rights reserved, unless otherwise indicated.