Skip to main content

A Method for Detecting Abnormal Program Behavior on Embedded Devices

Zhai, Xiaojun, Appiah, Kofi, Ehsan, Shoaib, Howells, Gareth, Hu, Huosheng, Gu, Dongbing, McDonald-Maier, Klaus D. (2015) A Method for Detecting Abnormal Program Behavior on Embedded Devices. IEEE Transactions on Information Forensics and Security, 10 (8). pp. 1692-1704. ISSN 1556-6013. (doi:10.1109/TIFS.2015.2422674) (The full text of this publication is not currently available from this repository. You may be able to access a copy if URLs are provided)

The full text of this publication is not currently available from this repository. You may be able to access a copy if URLs are provided. (Contact us about this Publication)
Official URL
http://doi.org/10.1109/TIFS.2015.2422674

Abstract

A potential threat to embedded systems is the execution of unknown or malicious software capable of triggering harmful system behavior, aimed at theft of sensitive data or causing damage to the system. Commercial off-the-shelf embedded devices, such as embedded medical equipment, are more vulnerable as these type of products cannot be amended conventionally or have limited resources to implement protection mechanisms. In this paper, we present a self-organizing map (SOM)-based approach to enhance embedded system security by detecting abnormal program behavior. The proposed method extracts features derived from processor's program counter and cycles per instruction, and then utilises the features to identify abnormal behavior using the SOM. Results achieved in our experiment show that the proposed method can identify unknown program behaviors not included in the training set with over 98.4% accuracy.

Item Type: Article
DOI/Identification number: 10.1109/TIFS.2015.2422674
Uncontrolled keywords: abnormal behaviour detection; Embedded system security; intrusion detection; Self-Organising Map
Subjects: T Technology
Divisions: Faculties > Sciences > School of Engineering and Digital Arts
Faculties > Sciences > School of Engineering and Digital Arts > Image and Information Engineering
Depositing User: Tina Thompson
Date Deposited: 01 Sep 2015 08:42 UTC
Last Modified: 29 May 2019 15:58 UTC
Resource URI: https://kar.kent.ac.uk/id/eprint/50338 (The current URI for this page, for reference purposes)
  • Depositors only (login required):