{"id":"https://openalex.org/W3170203330","doi":"https://doi.org/10.1109/syscon48628.2021.9447078","title":"Real-Time Edge Processing Detection of Malicious Attacks Using Machine Learning and Processor Core Events","display_name":"Real-Time Edge Processing Detection of Malicious Attacks Using Machine Learning and Processor Core Events","publication_year":2021,"publication_date":"2021-04-15","ids":{"openalex":"https://openalex.org/W3170203330","doi":"https://doi.org/10.1109/syscon48628.2021.9447078","mag":"3170203330"},"language":"en","primary_location":{"id":"doi:10.1109/syscon48628.2021.9447078","is_oa":false,"landing_page_url":"https://doi.org/10.1109/syscon48628.2021.9447078","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2021 IEEE International Systems Conference (SysCon)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5080300587","display_name":"Rob Oshana","orcid":null},"institutions":[],"countries":[],"is_corresponding":true,"raw_author_name":"Rob Oshana","raw_affiliation_strings":["Software R&D NXP Semiconductors, Austin, Texas, USA"],"affiliations":[{"raw_affiliation_string":"Software R&D NXP Semiconductors, Austin, Texas, USA","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5082009815","display_name":"Mitchell A. Thornton","orcid":"https://orcid.org/0000-0003-3559-9511"},"institutions":[{"id":"https://openalex.org/I178169726","display_name":"Southern Methodist University","ror":"https://ror.org/042tdr378","country_code":"US","type":"education","lineage":["https://openalex.org/I178169726"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Mitchell A. Thornton","raw_affiliation_strings":["Darwin Deason Institute for Cybersecurity Southern Methodist University, Dallas, Texas, USA"],"affiliations":[{"raw_affiliation_string":"Darwin Deason Institute for Cybersecurity Southern Methodist University, Dallas, Texas, USA","institution_ids":["https://openalex.org/I178169726"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5023773515","display_name":"Eric C. Larson","orcid":"https://orcid.org/0000-0001-6040-868X"},"institutions":[{"id":"https://openalex.org/I178169726","display_name":"Southern Methodist University","ror":"https://ror.org/042tdr378","country_code":"US","type":"education","lineage":["https://openalex.org/I178169726"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Eric C. Larson","raw_affiliation_strings":["Darwin Deason Institute for Cybersecurity Southern Methodist University, Dallas, Texas, USA"],"affiliations":[{"raw_affiliation_string":"Darwin Deason Institute for Cybersecurity Southern Methodist University, Dallas, Texas, USA","institution_ids":["https://openalex.org/I178169726"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5011304855","display_name":"Xavier Roumegue","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Xavier Roumegue","raw_affiliation_strings":["NXP Semiconductors, Austin, Texas, USA"],"affiliations":[{"raw_affiliation_string":"NXP Semiconductors, Austin, Texas, USA","institution_ids":[]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5080300587"],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":1.2346,"has_fulltext":false,"cited_by_count":11,"citation_normalized_percentile":{"value":0.78929073,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":91,"max":99},"biblio":{"volume":null,"issue":null,"first_page":"1","last_page":"8"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.998199999332428,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/exploit","display_name":"Exploit","score":0.9024652242660522},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8134663105010986},{"id":"https://openalex.org/keywords/cache","display_name":"Cache","score":0.5482649207115173},{"id":"https://openalex.org/keywords/x86","display_name":"x86","score":0.5446258783340454},{"id":"https://openalex.org/keywords/multi-core-processor","display_name":"Multi-core processor","score":0.5304155945777893},{"id":"https://openalex.org/keywords/branch-predictor","display_name":"Branch predictor","score":0.4322550594806671},{"id":"https://openalex.org/keywords/support-vector-machine","display_name":"Support vector machine","score":0.4263652265071869},{"id":"https://openalex.org/keywords/event","display_name":"Event (particle physics)","score":0.4253884255886078},{"id":"https://openalex.org/keywords/embedded-system","display_name":"Embedded system","score":0.41530776023864746},{"id":"https://openalex.org/keywords/classifier","display_name":"Classifier (UML)","score":0.4143937826156616},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.4117198586463928},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.3937735855579376},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.37426459789276123},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.09425437450408936}],"concepts":[{"id":"https://openalex.org/C165696696","wikidata":"https://www.wikidata.org/wiki/Q11287","display_name":"Exploit","level":2,"score":0.9024652242660522},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8134663105010986},{"id":"https://openalex.org/C115537543","wikidata":"https://www.wikidata.org/wiki/Q165596","display_name":"Cache","level":2,"score":0.5482649207115173},{"id":"https://openalex.org/C170723468","wikidata":"https://www.wikidata.org/wiki/Q182933","display_name":"x86","level":3,"score":0.5446258783340454},{"id":"https://openalex.org/C78766204","wikidata":"https://www.wikidata.org/wiki/Q555032","display_name":"Multi-core processor","level":2,"score":0.5304155945777893},{"id":"https://openalex.org/C168522837","wikidata":"https://www.wikidata.org/wiki/Q679552","display_name":"Branch predictor","level":2,"score":0.4322550594806671},{"id":"https://openalex.org/C12267149","wikidata":"https://www.wikidata.org/wiki/Q282453","display_name":"Support vector machine","level":2,"score":0.4263652265071869},{"id":"https://openalex.org/C2779662365","wikidata":"https://www.wikidata.org/wiki/Q5416694","display_name":"Event (particle physics)","level":2,"score":0.4253884255886078},{"id":"https://openalex.org/C149635348","wikidata":"https://www.wikidata.org/wiki/Q193040","display_name":"Embedded system","level":1,"score":0.41530776023864746},{"id":"https://openalex.org/C95623464","wikidata":"https://www.wikidata.org/wiki/Q1096149","display_name":"Classifier (UML)","level":2,"score":0.4143937826156616},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.4117198586463928},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.3937735855579376},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.37426459789276123},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.09425437450408936},{"id":"https://openalex.org/C62520636","wikidata":"https://www.wikidata.org/wiki/Q944","display_name":"Quantum mechanics","level":1,"score":0.0},{"id":"https://openalex.org/C121332964","wikidata":"https://www.wikidata.org/wiki/Q413","display_name":"Physics","level":0,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/syscon48628.2021.9447078","is_oa":false,"landing_page_url":"https://doi.org/10.1109/syscon48628.2021.9447078","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2021 IEEE International Systems Conference (SysCon)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":23,"referenced_works":["https://openalex.org/W2034053858","https://openalex.org/W2087300543","https://openalex.org/W2101234009","https://openalex.org/W2122404498","https://openalex.org/W2166844173","https://openalex.org/W2319159802","https://openalex.org/W2495657724","https://openalex.org/W2566616266","https://openalex.org/W2725461839","https://openalex.org/W2786944418","https://openalex.org/W2791314317","https://openalex.org/W2798483781","https://openalex.org/W2799161306","https://openalex.org/W2883063988","https://openalex.org/W2911964244","https://openalex.org/W2932551155","https://openalex.org/W2950774332","https://openalex.org/W4247833239","https://openalex.org/W6675354045","https://openalex.org/W6678209718","https://openalex.org/W6739901113","https://openalex.org/W6752683788","https://openalex.org/W6764268162"],"related_works":["https://openalex.org/W2061007994","https://openalex.org/W2408643487","https://openalex.org/W2145546531","https://openalex.org/W4256090683","https://openalex.org/W3207760230","https://openalex.org/W1496222301","https://openalex.org/W1016402482","https://openalex.org/W1498897948","https://openalex.org/W2118824068","https://openalex.org/W1563276111"],"abstract_inverted_index":{"A":[0],"method":[1],"for":[2,232],"the":[3,6,11,98,119,150,172,175,182,186],"detection":[4,102,151],"of":[5,136,140,169,174,191,207],"malicious":[7,43,176,183],"events":[8],"such":[9,45],"as":[10,46],"SPECTRE":[12,47],"exploit":[13,101,177,193],"is":[14,59,92,133,225],"proposed":[15],"and":[16,21,79,94,107,155,235],"evaluated":[17],"using":[18],"machine":[19,30,161],"learning":[20,31,162],"processor":[22],"core":[23],"events.":[24],"In":[25,112,217],"this":[26],"work,":[27],"we":[28],"use":[29,62],"to":[32,41,61,66,96],"implement":[33],"a":[34,50,53,68,87,114,130,137,167,220],"system":[35,85],"based":[36,55],"on":[37,52],"hardware":[38,65],"event":[39,120,141,145],"counters":[40],"detect":[42,67],"exploits":[44],"running":[48],"in":[49,71,76,149,201,205],"process":[51],"Linux":[54],"system.":[56],"Our":[57],"approach":[58],"designed":[60,93],"existing":[63],"on-chip":[64],"SPECTRE-based":[69],"exploitation":[70],"real":[72],"time.":[73],"Prototype":[74],"architectures":[75],"both":[77],"x86":[78],"ARM-based":[80],"SoC's":[81],"representing":[82],"an":[83],"embedded":[84],"with":[86,166,209],"corresponding":[88,210],"realtime":[89],"Edge-based":[90],"classifier":[91,187],"implemented":[95,165],"validate":[97],"approach.":[99],"This":[100],"architecture":[103],"uses":[104],"software":[105,115],"agents":[106],"requires":[108],"no":[109],"additional":[110],"hardware.":[111],"particular,":[113],"agent":[116],"periodically":[117],"accesses":[118],"counter":[121,142,146],"register":[122],"file":[123],"during":[124],"runtime.":[125],"At":[126],"each":[127],"observation":[128],"time,":[129],"feature":[131],"vector":[132],"formulated":[134],"consisting":[135],"particular":[138],"subset":[139],"data.":[143],"The":[144],"data":[147],"used":[148],"technique":[152],"includes":[153],"cache":[154],"branch":[156],"prediction":[157],"counts.":[158],"Various":[159],"different":[160],"classifiers":[163,199],"are":[164,230],"goal":[168],"predicting":[170],"either":[171],"presence":[173],"or":[178],"something":[179],"other":[180],"than":[181,215],"exploit.":[184],"Thus,":[185],"outputs":[188],"binary":[189],"states":[190],"\u201cmalicious":[192],"present\u201d":[194],"versus":[195],"\u201cnormal":[196],"operation.\u201d":[197],"Many":[198],"resulted":[200],"true":[202],"positive":[203,212,223],"rates":[204,213],"excess":[206],"98%":[208],"false":[211,222],"less":[214],"1%.":[216],"many":[218],"cases,":[219],"0%":[221],"rate":[224],"achieved.":[226],"These":[227],"predictive":[228],"approaches":[229],"compared":[231],"training":[233],"complexity":[234],"performance.":[236]},"counts_by_year":[{"year":2026,"cited_by_count":2},{"year":2025,"cited_by_count":1},{"year":2024,"cited_by_count":3},{"year":2022,"cited_by_count":2},{"year":2021,"cited_by_count":3}],"updated_date":"2026-04-20T07:46:08.049788","created_date":"2025-10-10T00:00:00"}