Research On Anomaly Detection Technology Indeeply Embedded System:A Data-Driven Approach

Deeply Embedded Systems is an embedded system that is closely related to the real environment and resource-constrained.Witnessed by the rapid progress of the Internet of Things technology over the years,it has been applied widely,such as smart homes,smart cities,etc.While anomaly detection and monitoring seem as significant to make sure the normal work and improving the availability of the system as can be,there are some features including the resource-constrained,and the complexity of the deployment environment result in some challenges for the anomaly detection in the system.In this dissertation,we have done a study based on a data-driven approach to explore the program features of execution.This dissertation presents 3 approaches to responsible for the challenges mentioned above.And this dissertation did the following works:(1)We have run dozens of official applications in the simulation environment which has instruction level simulation accuracy and utilize the collection patch automatically to collect a large number of application task execution data to build the dataset of deeply embedded system task execution.Taking advantage of the dataset do the research to mine the feature of the deeply embedded system task frequency and the task transition feature are explored.These features are going to as the basis for the research of the deep embedded system anomaly detection method.(2)In light of the stability of task transition in a system node in a long time,Task Transition Probability based Anomaly Detection(T2PAD)method basis of task transition probability matrix similarity measure is proposed.T2PAD describe the working state of the node through the task transition probability matrix containing the all of one-step transition relationship that the node appears.Through the similarity measure of the row vectors in the matrix,it is determined whether the system state meets the expected state and then the anomaly detection is realized.The row vector that caused the state exception serves as diagnostic information to help developers locate the cause of the anomaly.Based on the help of T2PAD diagnostic information,we found 2 underlying program defects of TinyOS.(3)The T2PAD.U method is proposed to optimize some insufficient existing in T2PAD.The T2PAD method has the insufficient that the matrix is sparse and a large number of non-critical tasks transition occupy a large amount of resources.Therefore,the task frequency feature is utilized:a few tasks complete the main assignments of the node life period,further greatly reduce the number of tasks that need to be observed.Moreover,some parameters are fixed in T2PAD.U,which are used to fix the task frequency degree of freedom,thus making the T2PAD.U method have the detection capability for all tasks,even if those unobserved tasks.For the vector similarity calculation in T2PAD,the insufficient is the large overhead and the parameter threshold setting depend on the empirical.The u-test method is used to directly detect the transition frequency and provide a confidence interval.T2PAD.U is rougher than the diagnostic information provided by T2PAD.The crucial advantage of the T2PAD.U method is that it has extremely low requirements on computer resource overhead and can be directly deployed in resource-constrained microcontrollers.(4)While thetask-level anomaly detection provides coarser-grained diagnostic information,which is a resource-constrained compromise.In order to provide fine-grained detection methods in computational resource-rich scenarios such as TestBed or simulation environment to diagnose anomalyprecisely,we propose a fine-grained detection method,DeepTP.(Deep neural network and Trace Pointsbased Anomaly Detection).The program tracing method that only takes up the 2-byte RAM overhead is designed firstly,which is based on the in-function tracing points.Similar to natural language words following grammar logic,the sequence of tracing points follows strict program logic.DeepTP uses the GRU deep neural network to model the program tracing point sequence on a resource-rich computer platform.By predicting the normal tracing point and checking the point probability distribution betweentherealityand prediction by the?~2 test,the fine-grained granularity is achieved.The purpose of DeepTP can provide statement-level exception diagnostic information,which provides developers with the greatest help in locating the cause of the anomaly.