Window-Based Statistical Analysis Of Timing Subcomponents For Efficient Detection Of Malware In Life-Critical Systems

Securing life-critical embedded systems, particularly medical devices, requires both proactive security measures that prevent intrusions and reactive measures that detect intrusions. This paper presents a novel model for specifying the normal timing for operations in software applications using cumu...

Full description

Saved in:
Bibliographic Details
Published in2019 Spring Simulation Conference (SpringSim) pp. 1 - 12
Main Authors Carreon, Nadir, Gilbreath, Allison, Lysecky, Roman
Format Conference Proceeding
LanguageEnglish
Published SCS 01.04.2019
Subjects
Anomaly detection
Embedded system security
Embedded systems
Malware
Monitoring
Non-intrusive hardware
Runtime
Timing
Timing-based threat detection
Online AccessGet full text

Cover

More Information
Summary:Securing life-critical embedded systems, particularly medical devices, requires both proactive security measures that prevent intrusions and reactive measures that detect intrusions. This paper presents a novel model for specifying the normal timing for operations in software applications using cumulative distribution functions of timing subcomponent within sliding execution windows. We present a probabilistic formulation for estimating the presence of malware for individual operations by monitoring the internal timing of the different components of the system, and we define thresholds to minimize false positives based on training data. Experimental results with a smart connected pacemaker and three sophisticated mimicry malware scenarios demonstrate improved performance and accuracy compared to state-of-the-art timing-based malware detection
DOI:10.23919/SpringSim.2019.8732899