Abstract
Computing systems are vulnerable to anomalies that might occur during execution of deployed software: e.g., faults, bugs or deadlocks. When occurring on embedded computing systems, these anomalies may severely hamper the corresponding devices; on the other hand, embedded systems are designed to perform autonomously, i.e., without any human intervention, and thus it is difficult to debug an application to manage the anomaly. Runtime anomaly detection techniques are the primary means of being aware of anomalous conditions. In this paper, we describe a novel approach to detect an anomaly during the execution of one or more applications. Our approach describes the behaviour of the applications using the sequences of memory references generated during runtime. The memory references are seen as signals: they are divided into overlapping frames, then parametrized and finally described with Hidden Markov Models (HMM) for detecting anomalies. The motivations for using such a methodology for embedded systems are the following: first, the memory references could be extracted with very low overhead with software or architectural tools. Second, the device HMM analysis framework, while being very powerful in gathering high level information, has low computational complexity and thus is suitable to the rather low memory and computational capabilities of embedded systems. We experimentally evaluated our proposal on an ARM9, Linux based, embedded system using the SPEC 2006 CPU benchmark suite and found that it shows very low error rates for some artificially injected anomalies, namely a malware, an infinite loop and random errors during execution.
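The pipeline the abstract outlines (overlapping frames, a per-frame parameter, HMM scoring) can be sketched as follows. This is an added example, not the paper's code: the frame sizes, the stride-based parametrization, the hand-set HMM parameters (standing in for a trained model), the threshold and both traces are assumptions constructed for illustration.

```python
import math
import random

FRAME, HOP = 32, 16            # overlapping frames, 50% overlap (assumed sizes)
BINS = (64, 4096)              # stride thresholds in bytes (assumed)

# Hand-set 2-state discrete HMM standing in for a trained model (constructed).
PI = [0.9, 0.1]
A = [[0.9, 0.1], [0.3, 0.7]]
B = [[0.90, 0.09, 0.01],       # state 0: sequential scan
     [0.20, 0.79, 0.01]]       # state 1: strided phase

def frames(trace):
    """Split an address trace into overlapping frames."""
    return [trace[i:i + FRAME] for i in range(0, len(trace) - FRAME + 1, HOP)]

def symbol(frame):
    """Parametrize a frame as a quantized mean absolute stride (0, 1 or 2)."""
    mean = sum(abs(b - a) for a, b in zip(frame, frame[1:])) / (len(frame) - 1)
    return sum(mean > t for t in BINS)

def avg_loglik(obs):
    """Scaled forward algorithm; returns log P(obs | model) per symbol."""
    alpha = [PI[s] * B[s][obs[0]] for s in range(2)]
    total = 0.0
    for t, o in enumerate(obs):
        if t:  # propagate the normalized belief through A, then emit o
            alpha = [sum(alpha[r] * A[r][s] for r in range(2)) * B[s][o]
                     for s in range(2)]
        c = sum(alpha)
        total += math.log(c)
        alpha = [a / c for a in alpha]
    return total / len(obs)

def is_anomalous(trace, threshold=-1.0):
    """Flag a trace whose per-frame log-likelihood falls below the threshold."""
    obs = [symbol(f) for f in frames(trace)]
    if not obs:
        raise ValueError("trace shorter than one frame")
    return avg_loglik(obs) < threshold

# Constructed traces: a linear array scan vs. scattered wild references.
NORMAL = [0x10000 + 4 * i for i in range(256)]
_rng = random.Random(7)
SCATTERED = [_rng.randrange(1 << 24) for _ in range(256)]

if __name__ == "__main__":
    print(is_anomalous(NORMAL), is_anomalous(SCATTERED))
```

A mean-stride parameter cannot separate a tight infinite loop from a normal sequential scan, so this sketch only covers the scattered-reference case.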
Copyright information
© 2015 Springer International Publishing Switzerland
About this paper
Cite this paper
Cuzzocrea, A., Medvet, E., Mumolo, E., Cecolin, R. (2015). Detecting Anomalies in Embedded Computing Systems via a Novel HMM-Based Machine Learning Approach. In: Onieva, E., Santos, I., Osaba, E., Quintián, H., Corchado, E. (eds) Hybrid Artificial Intelligent Systems. HAIS 2015. Lecture Notes in Computer Science, vol 9121. Springer, Cham. https://doi.org/10.1007/978-3-319-19644-2_34
DOI: https://doi.org/10.1007/978-3-319-19644-2_34
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-19643-5
Online ISBN: 978-3-319-19644-2
eBook Packages: Computer Science, Computer Science (R0)