A Stochastic-Process Methodology for Detecting Anomalies at Runtime in Embedded Systems
محورهای موضوعی : Transactions on Fuzzy Sets and Systems
Alfredo Cuzzocrea
1
,
Enzo Mumolo
2
,
Islam Belmerabet
3
,
Abderraouf Hafsaoui
4
1 - iDEA Lab, University of Calabria, Rende, Italy.
2 - Department of Engineering, University of Trieste, Trieste, Italy.
3 - iDEA Lab, University of Calabria, Rende, Italy.
4 - iDEA Lab, University of Calabria, Rende, Italy.
کلید واژه:
چکیده مقاله :
Embedded computing systems are very vulnerable to anomalies that can occur during execution of deployed software. Anomalies can be due, for example, to faults, bugs or deadlocks during executions. These anomalies can have very dangerous consequences on the systems controlled by embedded computing devices. Embedded systems are designed to perform autonomously, i.e., without any human intervention, and thus the possibility of debugging an application to manage the anomaly is very difficult, if not impossible. Anomaly detection algorithms are the primary means of being aware of anomalous conditions. In this paper, we describe a novel approach for detecting an anomaly during the execution of one or more applications. The algorithm exploits the differences in the behavior of memory reference sequences generated during executions. Memory reference sequences are monitored in real-time using the PIN tracing tool. The memory reference sequence is divided into randomly-selected blocks and spectrally described with the Discrete Cosine Transform (DCT) [36]. Experimental analysis performed on various benchmarks shows very low error rates for the anomalies tested.
Embedded computing systems are very vulnerable to anomalies that can occur during execution of deployed software. Anomalies can be due, for example, to faults, bugs or deadlocks during executions. These anomalies can have very dangerous consequences on the systems controlled by embedded computing devices. Embedded systems are designed to perform autonomously, i.e., without any human intervention, and thus the possibility of debugging an application to manage the anomaly is very difficult, if not impossible. Anomaly detection algorithms are the primary means of being aware of anomalous conditions. In this paper, we describe a novel approach for detecting an anomaly during the execution of one or more applications. The algorithm exploits the differences in the behavior of memory reference sequences generated during executions. Memory reference sequences are monitored in real-time using the PIN tracing tool. The memory reference sequence is divided into randomly-selected blocks and spectrally described with the Discrete Cosine Transform (DCT) [36]. Experimental analysis performed on various benchmarks shows very low error rates for the anomalies tested.
