Hardware-Performance-Counters-based anomaly detection in massively deployed smart industrial devices

Authors: Malcolm Bourdon, Pierre-François Gimenez, Eric Alata, Mohamed Kaâniche, Vincent Migliore

DOI: 10.1109/NCA51143.2020.9306726

Abstract: Energy providers are massively deploying devices to manage distributed resources or equipment. These devices are used, for example, to manage the energy of smart factories efficiently or to monitor the infrastructure of smart-grids. By design, they typically exhibit homogeneous behavior, with similar software and hardware architecture. Unfortunately, these devices are also of interest to attackers aiming to develop botnets or to compromise companies' security. This paper presents a new protection approach based on Hardware Performance Counters (HPC) to detect anomalies in deployed devices. HPC are processed using outlier detection algorithms. Compared to existing solutions, we propose a lightweight comparative analysis of devices' HPC, without relying on modeling the applications running on the devices. To assess the relevance and effectiveness of the approach, a thorough experimental analysis is carried out in a representative industrial-type environment, sampling data from 100 Raspberry Pi to simulate about 10,000 devices running simultaneously. The results show high performance and efficiency under different profiles and attack payloads. Moreover, the calibration depends primarily on the hardware rather than on the application. It should ease its deployment in an operational environment.
