A Method for Detecting Abnormal Program Behavior on Embedded Devices

Zhai, Xiaojun; Appiah, Kofi; Ehsan, Shoaib; Howells, Gareth; Hu, Huosheng; Gu, Dongbing; McDonald-Maier, Klaus

doi:10.1109/tifs.2015.2422674

Cited by 23 publications

(9 citation statements)

References 21 publications

(40 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Zhai et al [95] proposed a self-organizing map (SOM)-based approach to detect abnormal program behavior in commercial off-the-shelf embedded devices, especially those that cannot be updated conventionally. The proposed method utilizes cycle per instruction (CPI) to extract corresponding program counter (PC) values and uses these to pinpoint malicious behaviors with an unsupervised SOM.…”

Section: Intrusion Detectionmentioning

confidence: 99%

“…In the perception layer, researchers have created methods to detect abnormal status with operation features, such as cycle per instruction (CPI) [95], radio frequency (RF) [10], sensor-device-user interactions [31], and long-term expected values [87]. In the network layer, researchers modeled regular traffic first and then leveraged different methods to identify abnormal sequences, such as model checking [91], packet observation against long-term expected values [87], and artificial neural networks (ANNs) [89].…”

Section: Defensementioning

confidence: 99%

See 1 more Smart Citation

A Survey on Recent Advanced Research of CPS Security

et al. 2021

View full text Add to dashboard Cite

Cyber-physical systems (CPSs) are next-generation intelligent systems that integrate computing, communication, and control. Malicious attacks on CPSs can lead to both property damage and casualties. Therefore, it is worth surveying CPS security by reviewing and analyzing the latest high-quality related works. In this paper, we provide an overview of the CPS security studies from the last five years and select 142 related works from A- or B-level conferences/journals recommended by the China Computer Federation (CCF). First, we review the main contents of the selected papers and classify them into 24 topics. Then, we analyze hotspots and trends of CPS security technologies in three dimensions: (1) architecture layers (perception, network, and application); (2) application scenarios (smart grids, health care, smart transportation, smart homes, and general grids); and (3) MADC (Measure, Attack, Defense, and Control) types. Finally, we also perform a statistical analysis in terms of paper publication times, author institutes, countries, and sponsors to show the current worldwide CPS security research situation.

show abstract

Section: Intrusion Detectionmentioning

confidence: 99%

Section: Defensementioning

confidence: 99%

A Survey on Recent Advanced Research of CPS Security

et al. 2021

View full text Add to dashboard Cite

show abstract

“…• Apply the key generation algorithm. This SPiRIT work has developed practical approaches for analyzing the feature distributions associated with the behaviour of IoT devices [33]. In the context of ICMetrics, the proposed analysis presents some novel challenges as compared to many traditional pattern recognition tasks, because the distribution of values exhibited by the features or characteristics being investigated is more diverse than that found in traditional pattern recognition tasks, often a consequence of the software associated with the device operating in a number of distinct states.…”

Section: A Icmetricsmentioning

confidence: 99%

Security and PrIvacy foR the Internet of Things: an overview of the project

Aroua

Murphy

Rabah

et al. 2019

2019 IEEE International Conference on Systems, Man and Cybernetics (SMC)

View full text Add to dashboard Cite

show abstract

“…Especially, one can extend SVM to obtain nonlinear decision hyperplanes by exploiting kernelization techniques [9][10][11][12]. Pioneering studies by Xue et al [13], Sebald et al [14], Alam et al [15], and Morsier et al [16] led to different improved SVM models.…”

Section: Introductionmentioning

confidence: 99%

A Granular Classifier By Means of Context-based Similarity Clustering

Huang¹,

Liao²

2016

Journal of Electrical Engineering and Technology

View full text Add to dashboard Cite

-In this study, we propose a granular classifier (GC) with the aid of a context-based similarity clustering (CSC) method and applied it for network intrusion detection. The proposed CSC supporting the design of information granules is exploited here to determine the so-called contexts. Unlike the conventional similar clustering method, here the CSC built clusters by taking into consideration of both input data and output data. The design of granular classifier is realized based on the if-then rules, which consists two parts: namely premise part and conclusion part. The premise part is developed by using the CSC, while the conclusion part is realized with the aid of supported vector machines. In contrast to typical rule-based classifier, the underlying principle exploited here is to consider a robust classification with the adequate use of output data. In particular, rule-based classifiers or supported vector machines can be regarded as a special case of the proposed granular classifier. Numeric studies show the superiority of the proposed approach.

show abstract

A Method for Detecting Abnormal Program Behavior on Embedded Devices

Cited by 23 publications

References 21 publications

A Survey on Recent Advanced Research of CPS Security

A Survey on Recent Advanced Research of CPS Security

Security and PrIvacy foR the Internet of Things: an overview of the project

A Granular Classifier By Means of Context-based Similarity Clustering

Contact Info

Product

Resources

About