TY - GEN
T1 - Window-based statistical analysis of timing subcomponents for efficient detection of malware in life-critical systems
AU - Carreon, Nadir
AU - Gilbreath, Allison
AU - Lysecky, Roman
N1 - Funding Information:
This research was partially supported by the National Science Foundation under Grant CNS-1615890.
Publisher Copyright:
© 2019 Society for Modeling & Simulation International (SCS).
PY - 2019
Y1 - 2019
N2 - Securing life-critical embedded systems, particularly medical devices, requires both proactive security measures that prevent intrusions and reactive measures that detect intrusions. This paper presents a novel model for specifying the normal timing for operations in software applications using cumulative distribution functions of timing subcomponents within sliding execution windows. We present a probabilistic formulation for estimating the presence of malware for individual operations by monitoring the internal timing of the different components of the system, and we define thresholds to minimize false positives based on training data. Experimental results with a smart connected pacemaker and three sophisticated mimicry malware scenarios demonstrate improved performance and accuracy compared to state-of-the-art timing-based malware detection.
AB - Securing life-critical embedded systems, particularly medical devices, requires both proactive security measures that prevent intrusions and reactive measures that detect intrusions. This paper presents a novel model for specifying the normal timing for operations in software applications using cumulative distribution functions of timing subcomponents within sliding execution windows. We present a probabilistic formulation for estimating the presence of malware for individual operations by monitoring the internal timing of the different components of the system, and we define thresholds to minimize false positives based on training data. Experimental results with a smart connected pacemaker and three sophisticated mimicry malware scenarios demonstrate improved performance and accuracy compared to state-of-the-art timing-based malware detection.
KW - Anomaly detection
KW - Embedded system security
KW - Non-intrusive hardware
KW - Timing-based threat detection
UR - http://www.scopus.com/inward/record.url?scp=85073686757&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85073686757&partnerID=8YFLogxK
U2 - 10.23919/SpringSim.2019.8732899
DO - 10.23919/SpringSim.2019.8732899
M3 - Conference contribution
AN - SCOPUS:85073686757
T3 - Simulation Series
BT - Simulation Series
PB - The Society for Modeling and Simulation International
T2 - 2019 Modeling and Simulation in Medicine, MSM 2019, Part of the 2019 Spring Simulation Multi-Conference, SpringSim 2019
Y2 - 29 April 2019 through 2 May 2019
ER -