David Llanio Reyes, A. Perez-Pons, Rogelio Bofill Dean
{"title":"基于硬件自省的嵌入式设备异常检测","authors":"David Llanio Reyes, A. Perez-Pons, Rogelio Bofill Dean","doi":"10.1109/SVCC56964.2023.10165049","DOIUrl":null,"url":null,"abstract":"The growth in the number of embedded devices within society has increased and continues to increase significantly throughout the world. The evolution of cyber-physical systems and their availability on the Internet of Things domain has made it possible to incorporate these devices in systems to provide environmental monitoring and status evaluation. The deployment of these devices requires high levels of security to protect their functionality. This includes detecting any potential impact on the devices’ integrity, as it can have a negative impact on its performance, functionality, and security. We propose a Hardware Introspection for Anomaly Detection (HIAD) framework that aims to detect abnormal device behavior through machine learning techniques employing processor-level hardware debugging capabilities. Through the JTAG (Joint Test Action Group) interface found in embedded devices, we can extract memory traces and utilize the extracted data to form image representations to train machine learning and deep learning models to detect anomalous execution. HIAD is a powerful tool that can monitor a bare-metal program’s execution while minimally impacting performance, and yielding effective identification of execution variations.","PeriodicalId":243155,"journal":{"name":"2023 Silicon Valley Cybersecurity Conference (SVCC)","volume":"65 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2023-05-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":"{\"title\":\"Anomaly Detection in Embedded Devices Through Hardware Introspection\",\"authors\":\"David Llanio Reyes, A. Perez-Pons, Rogelio Bofill Dean\",\"doi\":\"10.1109/SVCC56964.2023.10165049\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"The growth in the number of embedded devices within society has increased and continues to increase significantly throughout the world. The evolution of cyber-physical systems and their availability on the Internet of Things domain has made it possible to incorporate these devices in systems to provide environmental monitoring and status evaluation. The deployment of these devices requires high levels of security to protect their functionality. This includes detecting any potential impact on the devices’ integrity, as it can have a negative impact on its performance, functionality, and security. We propose a Hardware Introspection for Anomaly Detection (HIAD) framework that aims to detect abnormal device behavior through machine learning techniques employing processor-level hardware debugging capabilities. Through the JTAG (Joint Test Action Group) interface found in embedded devices, we can extract memory traces and utilize the extracted data to form image representations to train machine learning and deep learning models to detect anomalous execution. HIAD is a powerful tool that can monitor a bare-metal program’s execution while minimally impacting performance, and yielding effective identification of execution variations.\",\"PeriodicalId\":243155,\"journal\":{\"name\":\"2023 Silicon Valley Cybersecurity Conference (SVCC)\",\"volume\":\"65 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2023-05-17\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"1\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2023 Silicon Valley Cybersecurity Conference (SVCC)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/SVCC56964.2023.10165049\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2023 Silicon Valley Cybersecurity Conference (SVCC)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/SVCC56964.2023.10165049","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 1
摘要
社会中嵌入式设备数量的增长已经增加,并且在世界范围内继续显著增加。网络物理系统的发展及其在物联网领域的可用性使得将这些设备纳入系统中以提供环境监测和状态评估成为可能。这些设备的部署需要高水平的安全性来保护其功能。这包括检测对设备完整性的任何潜在影响,因为它可能对设备的性能、功能和安全性产生负面影响。我们提出了一个硬件内省异常检测(HIAD)框架,旨在通过采用处理器级硬件调试功能的机器学习技术检测异常设备行为。通过在嵌入式设备中发现的JTAG (Joint Test Action Group)接口,我们可以提取内存痕迹,并利用提取的数据形成图像表示来训练机器学习和深度学习模型来检测异常执行。HIAD是一个功能强大的工具,可以监控裸机程序的执行,同时将对性能的影响降到最低,并有效地识别执行变化。
Anomaly Detection in Embedded Devices Through Hardware Introspection
The growth in the number of embedded devices within society has increased and continues to increase significantly throughout the world. The evolution of cyber-physical systems and their availability on the Internet of Things domain has made it possible to incorporate these devices in systems to provide environmental monitoring and status evaluation. The deployment of these devices requires high levels of security to protect their functionality. This includes detecting any potential impact on the devices’ integrity, as it can have a negative impact on its performance, functionality, and security. We propose a Hardware Introspection for Anomaly Detection (HIAD) framework that aims to detect abnormal device behavior through machine learning techniques employing processor-level hardware debugging capabilities. Through the JTAG (Joint Test Action Group) interface found in embedded devices, we can extract memory traces and utilize the extracted data to form image representations to train machine learning and deep learning models to detect anomalous execution. HIAD is a powerful tool that can monitor a bare-metal program’s execution while minimally impacting performance, and yielding effective identification of execution variations.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
