Memory Heat Map: Anomaly detection in real-time embedded systems using memory behavior

Man Ki Yoon, Sibin Mohan, Jaesik Choi, Lui Sha

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

In this paper, we introduce a novel mechanism that identifies abnormal system-wide behaviors using the predictable nature of real-time embedded applications. We introduce Memory Heat Map (MHM) to characterize the memory behavior of the operating system. Our machine learning algorithms automatically (a) summarize the information contained in the MHMs and then (b) detect deviations from the normal memory behavior patterns. These methods are implemented on top of a multicore processor architecture to aid in the process of monitoring and detection. The techniques are evaluated using multiple attack scenarios including kernel rootkits and shellcode. To the best of our knowledge, this is the first work that uses aggregated memory behavior for detecting system anomalies, especially the concept of memory heat maps.

Original language: English (US)
Title of host publication: 2015 52nd ACM/EDAC/IEEE Design Automation Conference, DAC 2015
Publisher: Institute of Electrical and Electronics Engineers Inc.
ISBN (Electronic): 9781450335201
State: Published - Jul 24 2015
Event: 52nd ACM/EDAC/IEEE Design Automation Conference, DAC 2015 - San Francisco, United States
Duration: Jun 7 2015 → Jun 11 2015

Publication series

Name: Proceedings - Design Automation Conference
Volume: 2015-July
ISSN (Print): 0738-100X

Other

Other: 52nd ACM/EDAC/IEEE Design Automation Conference, DAC 2015
Country: United States
City: San Francisco
Period: 6/7/15 → 6/11/15

Keywords

  • Intrusion detection
  • memory heat map
  • real-time systems

ASJC Scopus subject areas

  • Computer Science Applications
  • Control and Systems Engineering
  • Electrical and Electronic Engineering
  • Modeling and Simulation
