Actionable Malware Classification in Embedded Environments using Hardware Performance Counters

    Research output: Contribution to conference › Poster


    Abstract

    The widespread use of connected embedded devices, together with their increasing computational power, makes them a desirable target for cyber attacks. Detecting such attacks early makes it possible to stop their propagation and limit their impact. In contrast to previous work that aims to detect attacks using hardware performance counters, we conduct an initial feasibility study on classifying the type of attack. Classifying an ongoing attack makes it possible to choose a more suitable mitigation and thus to react appropriately to different types of attacks. During our experiments, we collected more than 2.5 million execution traces from real hardware devices to build a simple anomaly classifier. Using decision tree algorithms, we analyzed more than 20 common use cases and the impact of 4 different attacks on the device. Our evaluation shows that hardware performance counters are useful for attack detection as well as for attack classification. This technique can be implemented very efficiently, with minimal overhead, in software or in hardware, even on low-end embedded systems.
    Original language: English
    Publication status: Published - 12 Dec 2021
    Event: SPACE 2021: Eleventh International Conference on Security, Privacy and Applied Cryptographic Engineering - [Online]
    Abbreviated title: SPACE 2021
    Duration: 10 Dec 2021 to 13 Dec 2021
    Conference number: 11
    Internet address: https://cse.iitkgp.ac.in/conf/SPACE2021/

    Keywords

    • PMU
    • HPC
    • hardware performance counter
    • processor monitoring unit
    • CPU event counter
    • classification
