Window-based statistical analysis of timing subcomponents for efficient detection of malware in life-critical systems

Nadir Carreon, Allison Gilbreath, Roman Lysecky

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

3 Scopus citations

Abstract

Securing life-critical embedded systems, particularly medical devices, requires both proactive security measures that prevent intrusions and reactive measures that detect intrusions. This paper presents a novel model for specifying the normal timing for operations in software applications using cumulative distribution functions of timing subcomponents within sliding execution windows. We present a probabilistic formulation for estimating the presence of malware for individual operations by monitoring the internal timing of the different components of the system, and we define thresholds to minimize false positives based on training data.

Original language: English (US)
Title of host publication: Simulation Series
Publisher: The Society for Modeling and Simulation International
Edition: 5
ISBN (Electronic): 9781510892521, 9781510892538, 9781510892545, 9781510892552, 9781510892569
DOIs
State: Published - 2019
Event: 2019 Modeling and Simulation in Medicine, MSM 2019, Part of the 2019 Spring Simulation Multi-Conference, SpringSim 2019 - Tucson, United States
Duration: Apr 29 2019 → May 2 2019

Publication series

Name: Simulation Series
Number: 5
Volume: 51
ISSN (Print): 0735-9276

Conference

Conference: 2019 Modeling and Simulation in Medicine, MSM 2019, Part of the 2019 Spring Simulation Multi-Conference, SpringSim 2019
Country/Territory: United States
City: Tucson
Period: 4/29/19 → 5/2/19

Keywords

  • Anomaly detection
  • Embedded system security
  • Non-intrusive hardware
  • Timing-based threat detection

ASJC Scopus subject areas

  • Computer Networks and Communications
