Hardware Performance Counters for Embedded Software Anomaly Detection Conference Paper uri icon

abstract

  • 2018 IEEE. A recent trend in software security has utilized hardware performance counters as a security mechanism for integrity checks as well as malware detection. In this work we have developed two methods to check and validate the runtime integrity of a program to protect against malicious intrusions. The two methods developed utilize Hidden Markov Models and Long Short Term Memory neural networks trained on traces of a program's performance counter data which allows for classification, offline anomaly detection, and online anomaly detection. In our benchmark of embedded software the HMMs achieved a classification accuracy of 100%, while offline anomaly detection achieved an average 98% accuracy with only 1% false positives, and online detection with a heuristic achieved 95% with only 0.38% false positives. On the same embedded software benchmark LSTMs neural networks achieved an offline anomaly detection rate of 100% with no false positives, and an online anomaly accuracy was 98% on average with no false positives.

name of conference

  • 2018 IEEE 16th Intl Conf on Dependable, Autonomic and Secure Computing, 16th Intl Conf on Pervasive Intelligence and Computing, 4th Intl Conf on Big Data Intelligence and Computing and Cyber Science and Technology Congress(DASC/PiCom/DataCom/CyberSciTech)

published proceedings

  • 2018 16TH IEEE INT CONF ON DEPENDABLE, AUTONOM AND SECURE COMP, 16TH IEEE INT CONF ON PERVAS INTELLIGENCE AND COMP, 4TH IEEE INT CONF ON BIG DATA INTELLIGENCE AND COMP, 3RD IEEE CYBER SCI AND TECHNOL CONGRESS (DASC/PICOM/DATACOM/CYBERSCITECH)

author list (cited authors)

  • Ott, K., & Mahapatra, R.

citation count

  • 8

complete list of authors

  • Ott, Karl||Mahapatra, Rabi

publication date

  • August 2018