Implementation and Applications of Tri-State Self-Organizing Maps on FPGA

Appiah, Kofi; Hunter, Andrew; Dickinson, Patrick; Meng, Hongying

doi:10.1109/tcsvt.2012.2197077

Cited by 25 publications

(19 citation statements)

References 26 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…The proposed system naturally combines the embedded system's hardware and software together, introducing a new potential direction to secure an embedded device. In one of the authors' previous works [27], an implementation of the conventional SOM on a Xilinx Virtex-4 with 40 neurons required only 22.1% of the available 5,184 Kb Block RAM. The debug facility targeted for our initial on-chip prototyping is utilising a mid-range Xilinx Virtex-6 FPGA having 25,344 Kb (max.)…”

Section: ) Programs With Random Generated Function Call Sequence (Inmentioning

confidence: 99%

“…Again, the Virtex-4 design implementation clocked at 25MHz could train with approximately 10,000 patterns per second. As a result of this, the hardware implementation of the SOM produces a significant speed improvement, which is 30 times faster than the original SOM implemented on a state-of-art PC [27]. Hence, the preferred implementation is to follow a hardware acceleration approach that facilitated rapid SOM processing suitable for real-time execution.…”

Section: ) Programs With Random Generated Function Call Sequence (Inmentioning

confidence: 99%

See 1 more Smart Citation

A Method for Detecting Abnormal Program Behavior on Embedded Devices

Zhai

Appiah

Ehsan

et al. 2015

IEEE Trans.Inform.Forensic Secur.

Self Cite

View full text Add to dashboard Cite

Abstract-A potential threat to embedded systems is the execution of unknown or malicious software capable of triggering harmful system behaviour, aimed at theft of sensitive data or causing damage to the system. Commercial off-the-shelf embedded devices, such as embedded medical equipment, are more vulnerable as these type of products cannot be amended conventionally or have limited resources to implement protection mechanisms. In this paper, we present a Self-Organising Map based approach to enhance embedded system security by detecting abnormal program behaviour. The proposed method extracts features derived from processor's Program Counter and Cycles per Instruction, and then utilises the features to identify abnormal behaviour using the SOM. Results achieved in our experiment show that the proposed method can identify unknown program behaviours not included in the training set with over 98.4% accuracy.Index Terms-Embedded system security, abnormal behaviour detection, intrusion detection, Self-Organising Map. I. INTRODUCTIONhe widespread use of embedded systems today has significantly changed the way we create, destroy, share, process and manage information. For instance, an embedded medical device often processes sensitive information or performs critical functions for multiple patients. Consequently, security of embedded systems is emerging as an important concern in embedded system design [1,2]. Although security has been extensively explored in the context of general purpose computing and communications systems, for example via cryptographic algorithms and security protocols [3], such security solutions usually are often incompatible with particular embedded architectures. The X. Zhai was with University of Essex, Colchester, UK. He is now with the Department of Engineering, University of K. Appiah was with University of Essex, Colchester, UK. He is now with the School of Science and Technology, Nottingham Trent University (e-mail: kofi.appiah@ntu.ac.uk).G. Howells is with the School of Engineering and Digital Arts, University of Kent, Canterbury, UK (e-mail: w.g.j.howells@kent.ac.uk).reason for this is, that embedded architectures use custom firmware or operating systems, and are normally specific to a certain function with limited cost and resource, which makes e.g. conventional antivirus (AV) programs difficult to implement. Generally, the protection of embedded systems can be developed either at hardware or/and at software level.From hardware perspective, Physical Unclonable Function (PUF) [4] or hardware intrinsic security [5], has been proposed to secure embedded devices physically. The manufacturing process variation is first used to identify the integrated circuits, and then the identifications are subsequently used for cryptography. There are also works focusing on detecting software failure, tampering and malicious codes in embedded architectures [1,6]. The main disadvantage of these approaches is that they require storing sensitive data in the system as "valid" samples or templates. For exam...

show abstract

Section: ) Programs With Random Generated Function Call Sequence (Inmentioning

confidence: 99%

Section: ) Programs With Random Generated Function Call Sequence (Inmentioning

confidence: 99%

A Method for Detecting Abnormal Program Behavior on Embedded Devices

Zhai

Appiah

Ehsan

et al. 2015

IEEE Trans.Inform.Forensic Secur.

Self Cite

View full text Add to dashboard Cite

show abstract

“…The proposed system can be run on a non-intrusive debug facility, a non-intrusive infrastructure that is generally used during device software development at present in all production devices, that connects to the targeted embedded device through a debug interface [28,29], which means that the proposed system would not affect the performance of the monitored embedded system in terms of additional memory and processor usage. In one of the authors' previous works [30], an implementation of the conventional SOM on a Xilinx Virtex-4 with 40 neurons required only 22.1% of the available 5,184 Kb Block RAM. Again, the Virtex-4 design implementation clocked at 25MHz could train with approximately 10,000 patterns per second.…”

Section: ) Programs With Various Function Call Sequences (Including mentioning

confidence: 99%

“…Again, the Virtex-4 design implementation clocked at 25MHz could train with approximately 10,000 patterns per second. As a result of this, the hardware implementation of the SOM produces a significant speed improvement, which is 30 times faster than the original SOM implemented on a state-of-art PC [30]. Hence, the preferred implementation is to follow a hardware acceleration approach that facilitated rapid identification processing suitable for real-time execution.…”

Section: ) Programs With Various Function Call Sequences (Including mentioning

confidence: 99%

Exploring ICMetrics to detect abnormal program behaviour on embedded devices

Zhai

Appiah

Ehsan

et al. 2015

Journal of Systems Architecture

Self Cite

View full text Add to dashboard Cite

Abstract-Execution of unknown or malicious software on an embedded system may trigger harmful system behaviour targeted at stealing sensitive data and/or causing damage to the system. It is thus considered a potential and significant threat to the security of embedded systems. Generally, the resource constrained nature of Commercial offthe-shelf (COTS) embedded devices, such as embedded medical equipment, does not allow computationally expensive protection solutions to be deployed on these devices, rendering them vulnerable. A Self-Organising Map (SOM) based and Fuzzy C-means based approaches are proposed in this paper for detecting abnormal program behaviour to boost embedded system security. The presented technique extracts features derived from processor's Program Counter (PC) and Cycles per Instruction (CPI), and then utilises the features to identify abnormal behaviour using the SOM. Results achieved in our experiment show that the proposed SOM based and Fuzzy C-means based methods can identify unknown program behaviours not included in the training set with 90.9% and 98.7% accuracy.Index Terms-Embedded system security, abnormal behaviour detection, intrusion detection, Self-Organising Map.

show abstract

“…Hardware realization that are an alternative, usually mean Field Programmable Gate Arrays (FPGAs) [7][8][9][10] but also, more rarely, Application Specific Integrated Circuits (ASICs) realized in the 'full custom' style [8,[11][12][13][14]. A challenge in this case http://dx.doi.org/10.1016/j.amc.2015.03.068 0096-3003/Ó 2015 Elsevier Inc. All rights reserved.…”

Section: Introductionmentioning

confidence: 99%