Signal Processing for Trace-based Anomaly Detection in Embedded Software

dc.contributor.advisorFischmeister, Sebastian
dc.contributor.authorZeinali Zadeh Ranjbar, Mohammad Mehdi
dc.date.accessioned2016-01-21T16:30:20Z
dc.date.available2016-01-21T16:30:20Z
dc.date.issued2016-01-21
dc.date.submitted2016-01-20
dc.description.abstractEmbedded operating systems generate a log of operating system function calls which we refer to as traces. Trace-based anomaly detection deals with the problem of determining whether or not an instance of traces represents a normal execution scenario. Most current approaches focus on application areas outside of the embedded systems domain and thus do not take advantage of the intrinsic properties of this domain. This work introduces Signal Processing for Trace Based Anomaly Detection (SiPTA): a novel technique for offline trace-based anomaly detection that utilizes the intrinsic feature of periodicity present in embedded systems. SiPTA uses discrete-time Fourier transform which is a crucial tool of signal processing theory as an underlying method. This Thesis describes a generic framework for mapping execution traces to channels and signals for further processing. The classification stage of SiPTA uses a comprehensive set of metrics. As this thesis demonstrates, SiPTA is particularly useful for embedded systems. More specifically, we will compare SiPTA with state-of-the-art approaches to trace-based anomaly detection based on the Markov Model and Neural Networks. This thesis also shows the technical feasibility and viability of SiPTA through multiple case studies using traces from a field-tested hexacopter, a mobile phone platform, and a car infotainment unit. In the experiments, our approach outperformed every other tested method.en
dc.identifier.urihttp://hdl.handle.net/10012/10180
dc.language.isoenen
dc.pendingfalse
dc.publisherUniversity of Waterlooen
dc.subjectEmbedded Softwareen
dc.subjectAnomaly Detectionen
dc.subjectSignal Processingen
dc.titleSignal Processing for Trace-based Anomaly Detection in Embedded Softwareen
dc.typeMaster Thesisen
uws-etd.degreeMaster of Applied Scienceen
uws-etd.degree.departmentElectrical and Computer Engineeringen
uws-etd.degree.disciplineElectrical and Computer Engineeringen
uws-etd.degree.grantorUniversity of Waterlooen
uws.comment.hiddenThe references are after the appendices as there were citations inside Appendix A. I ensured with Paul Harnack that it is not going to be an issue.en
uws.contributor.advisorFischmeister, Sebastian
uws.contributor.affiliation1Faculty of Engineeringen
uws.peerReviewStatusUnrevieweden
uws.published.cityWaterlooen
uws.published.countryCanadaen
uws.published.provinceOntarioen
uws.scholarLevelGraduateen
uws.typeOfResourceTexten

Files

Original bundle

Now showing 1 - 1 of 1
Loading...
Thumbnail Image
Name:
ZEINALI_ZADEH_RANJBAR_MOHAMMAD_MEHDI.pdf
Size:
877.13 KB
Format:
Adobe Portable Document Format
Description:
Entire thesis

License bundle

Now showing 1 - 1 of 1
No Thumbnail Available
Name:
license.txt
Size:
6.17 KB
Format:
Item-specific license agreed upon to submission
Description: