A Stochastic-Process Methodology for Detecting Anomalies at Runtime in Embedded Systems
Alfredo Cuzzocrea
1
(iDEA Lab, University of Calabria)
Enzo Mumolo
2
(University of Trieste, Trieste, Italy)
Islam Belmerabet
3
(iDEA Lab, University of Calabria, Rende, Italy)
Abderraouf Hafsaoui
4
(iDEA Lab, University of Calabria, Rende, Italy)
کلید واژه: Anomaly Detection, Embedded Systems, Stochastic Processes, Inference Models.,
چکیده مقاله :
Embedded computing systems are very vulnerable to anomalies that can occur during execution of deployed software. Anomalies can be due, for example, to faults, bugs or deadlocks during executions. These anomalies can have very dangerous consequences on the systems controlled by embedded computing devices. Embedded systems are designed to perform autonomously, i.e., without any human intervention, and thus the possibility of debugging an application to manage the anomaly is very difficult, if not impossible. Anomaly detection algorithms are the primary means of being aware of anomalous conditions. In this paper, we describe a novel approach for detecting an anomaly during the execution of one or more applications. The algorithm exploits the differences in the behavior of memory reference sequences generated during executions. Memory reference sequences are monitored in real-time using the PIN tracing tool. The memory reference sequence is divided into randomly-selected blocks and spectrally described with the Discrete Cosine Transform (DCT). Experimental analysis performed on various benchmarks shows very low error rates for the anomalies tested.
چکیده انگلیسی :
Embedded computing systems are very vulnerable to anomalies that can occur during execution of deployed software. Anomalies can be due, for example, to faults, bugs or deadlocks during executions. These anomalies can have very dangerous consequences on the systems controlled by embedded computing devices. Embedded systems are designed to perform autonomously, i.e., without any human intervention, and thus the possibility of debugging an application to manage the anomaly is very difficult, if not impossible. Anomaly detection algorithms are the primary means of being aware of anomalous conditions. In this paper, we describe a novel approach for detecting an anomaly during the execution of one or more applications. The algorithm exploits the differences in the behavior of memory reference sequences generated during executions. Memory reference sequences are monitored in real-time using the PIN tracing tool. The memory reference sequence is divided into randomly-selected blocks and spectrally described with the Discrete Cosine Transform (DCT). Experimental analysis performed on various benchmarks shows very low error rates for the anomalies tested.
