Skip to main content

A Method for Detecting Abnormal Program Behavior on Embedded Devices

Zhai, Xiaojun, Appiah, Kofi, Ehsan, Shoaib, Howells, Gareth, Hu, Huosheng, Gu, Dongbing, McDonald-Maier, Klaus D. (2015) A Method for Detecting Abnormal Program Behavior on Embedded Devices. IEEE Transactions on Information Forensics and Security, 10 (8). pp. 1692-1704. ISSN 1556-6013. (doi:10.1109/TIFS.2015.2422674) (KAR id:50338)

PDF Author's Accepted Manuscript
Language: English
Download (758kB) Preview
[thumbnail of T-IFS-Final.pdf]
This file may not be suitable for users of assistive technology.
Request an accessible format
Official URL


A potential threat to embedded systems is the execution of unknown or malicious software capable of triggering harmful system behavior, aimed at theft of sensitive data or causing damage to the system. Commercial off-the-shelf embedded devices, such as embedded medical equipment, are more vulnerable as these type of products cannot be amended conventionally or have limited resources to implement protection mechanisms. In this paper, we present a self-organizing map (SOM)-based approach to enhance embedded system security by detecting abnormal program behavior. The proposed method extracts features derived from processor's program counter and cycles per instruction, and then utilises the features to identify abnormal behavior using the SOM. Results achieved in our experiment show that the proposed method can identify unknown program behaviors not included in the training set with over 98.4% accuracy.

Item Type: Article
DOI/Identification number: 10.1109/TIFS.2015.2422674
Uncontrolled keywords: abnormal behaviour detection; Embedded system security; intrusion detection; Self-Organising Map
Subjects: T Technology
Divisions: Divisions > Division of Computing, Engineering and Mathematical Sciences > School of Engineering and Digital Arts
Depositing User: Tina Thompson
Date Deposited: 01 Sep 2015 08:42 UTC
Last Modified: 16 Feb 2021 13:27 UTC
Resource URI: (The current URI for this page, for reference purposes)
Howells, Gareth:
  • Depositors only (login required):


Downloads per month over past year