Anomaly detection using hardware performance counters on a large scale deployment - Proceeding of the 10th European Congress on Embedded Real Time Systems
Conference Papers, Year: 2020

Anomaly detection using hardware performance counters on a large scale deployment

Abstract

Recent years have witnessed a massive and fast deployment of Internet of Things (IoT) devices. Most of them have not been designed with a careful analysis of security requirements, which makes them likely to include multiple vulnerabilities. Moreover, as these devices include various communication interfaces, they have become a prime target for attackers. As a consequence, large-scale attacks, such as Mirai, must be considered seriously, and it is crucial to design and implement protection and intrusion detection mechanisms to mitigate the threats associated with the use of IoT devices in our daily activities as well as in critical environments. This paper proposes an anomaly detection approach in the particular context of a large-scale deployment of identical IoT devices. Furthermore, we consider an attacker who can install and execute malicious software while continuing to execute legitimate software, in order to stay as invisible as possible. The approach is based on the statistical analysis of Hardware Performance Counters (HPCs) collected on a regular basis from these identical devices, highlighting the outliers that correspond to significant deviations from normal usage scenarios. This idea relies on the intuition that it is very difficult for the attacker to add malicious software to a corrupted device without perturbing the HPCs. This paper presents this approach and the first experiments carried out to assess its relevance.

Main file: ERTS2020_paper_92.pdf (117.33 KB)
Origin: Files produced by the author(s)

Dates and versions

hal-03328254, version 1 (29-08-2021)

Identifiers

  • HAL Id: hal-03328254, version 1

Cite

Malcolm Bourdon, Eric Alata, Mohamed Kaâniche, Vincent Migliore, Vincent Nicomette, et al. Anomaly detection using hardware performance counters on a large scale deployment. 10th European Congress Embedded Real Time Systems (ERTS 2020), Jan 2020, Toulouse, France. ⟨hal-03328254⟩