    Hardware-Based Probabilistic Threat Detection and Estimation for Embedded Systems

    Name:
    PID5537817_(check_passed_versi ...
    Size:
    931.0Kb
    Format:
    PDF
    Description:
    Final Accepted Manuscript
    Author
    Carreon, Nadir Amin
    Lu, Sixing
    Lysecky, Roman
    Affiliation
    Univ Arizona, Dept Elect & Comp Engn
    Issue Date
    2018
    Keywords
    Timing-based threat detection
    Anomaly detection
    Embedded system security
    Non-intrusive hardware
    
    Publisher
    IEEE
    Citation
    N. A. Carreon, S. Lu and R. Lysecky, "Hardware-Based Probabilistic Threat Detection and Estimation for Embedded Systems," 2018 IEEE 36th International Conference on Computer Design (ICCD), Orlando, FL, USA, 2018, pp. 522-529. doi: 10.1109/ICCD.2018.00084
    Journal
    2018 IEEE 36TH INTERNATIONAL CONFERENCE ON COMPUTER DESIGN (ICCD)
    Rights
    © 2018 IEEE.
    Collection Information
    This item from the UA Faculty Publications collection is made available by the University of Arizona with support from the University of Arizona Libraries. If you have questions, please contact us at repository@u.library.arizona.edu.
    Abstract
    With billions of networked connected embedded systems, the security historically provided by the isolation of embedded systems is no longer sufficient. Both proactive security measures that prevent intrusions and reactive measures that detect intrusions are essential. Anomaly-based detection is a common reactive approach employed to detect malware that has evaded proactive defenses by observing anomalous deviations in the system execution. Timing-based anomaly detection detects malware by monitoring the system's internal timing, which offers unique protection against mimicry malware compared to sequence-based anomaly detection. However, previous timing-based anomaly detection methods focus on each operation independently at the granularity of tasks, function calls, system calls, or basic blocks. These approaches neither consider the entire software execution path nor provide a quantitative estimate of the presence of malware. This paper presents a novel model for specifying the normal timing for execution paths in software applications using cumulative distribution functions of timing data in sliding execution windows. We present a probabilistic formulation for estimating the presence of malware for individual operations and sequences of operations within the paths, and we define thresholds to minimize false positives based on training data. Experimental results with a smart connected pacemaker and three sophisticated mimicry malware demonstrate improved performance and accuracy compared to state-of-the-art timing-based malware detection.
    ISSN
    978-1-5386-8477-1
    DOI
    10.1109/ICCD.2018.00084
    Version
    Final accepted manuscript
    Sponsors
    National Science Foundation [CNS-1615890]
    Additional Links
    https://ieeexplore.ieee.org/document/8615734/
    Collections
    UA Faculty Publications
