HPCgnature: a hardware-based application-level intrusion detection system

IET Information Security


In the past decade, commodity software applications have been deployed more than ever in almost every domain. Having the ability to differentiate the original trusted application at run-time from its compromised, mimic or trojanised versions would mitigate a broad range of intrusion threats to these applications. This has been addressed by application-level intrusion detection systems (app-IDS); however, such schemes mostly depend on the system software for either monitoring or modelling the application, and the system software can itself be compromised by kernel-level rootkit attacks. In this study, the authors have proposed a new hardware-based app-IDS, which works independently of the system software of the target system. The proposed method, referred to as HPCgnature, includes a new abstraction corresponding to the repetitious functionalities of programs. Such functionalities generate a distinguishing sequence of periods, referred to in this study as the Operational Periodicity. The method uses a monitoring scheme based on external access to the hardware performance counters of CPUs. Implementing a prototype, they have shown how HPCgnature can detect intrusions in 12 complex interactive desktop applications. Evaluation results indicate this model could differentiate applications with 98% accuracy, and can detect even small run-time code injection attacks with an accuracy of >75%.
