Memory Heat Map: Anomaly detection in real-time embedded systems using memory behavior

Author

Man-Ki Yoon ; Sibin Mohan ; Jaesik Choi ; Lui Sha

Author_Institution

Dept. of Comput. Sci., Univ. of Illinois at Urbana-Champaign, Urbana, IL, USA

fYear

2015

fDate

8-12 June 2015

Firstpage

1

Lastpage

6

Abstract

In this paper, we introduce a novel mechanism that identifies abnormal system-wide behaviors using the predictable nature of real-time embedded applications. We introduce Memory Heat Map (MHM) to characterize the memory behavior of the operating system. Our machine learning algorithms automatically (a) summarize the information contained in the MHMs and then (b) detect deviations from the normal memory behavior patterns. These methods are implemented on top of a multicore processor architecture to aid in the process of monitoring and detection. The techniques are evaluated using multiple attack scenarios including kernel rootkits and shellcode. To the best of our knowledge, this is the first work that uses aggregated memory behavior for detecting system anomalies especially the concept of memory heat maps.

Keywords

embedded systems; learning (artificial intelligence); operating system kernels; security of data; storage management; MHM; abnormal system-wide behavior identification; aggregated memory behavior; anomaly detection; detection process; kernel rootkits; machine learning algorithms; memory heat maps; monitoring process; multicore processor architecture; operating system; real-time embedded applications; real-time embedded systems; shellcode; Heating; Kernel; Linux; Monitoring; Real-time systems; System-on-chip; Training; Intrusion detection; memory heat map; real-time systems;

fLanguage

English

Publisher

ieee

Conference_Titel

Design Automation Conference (DAC), 2015 52nd ACM/EDAC/IEEE

Conference_Location

San Francisco, CA

Type

conf

DOI

10.1145/2744769.2744869

Filename

7167219