{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,7,1]],"date-time":"2026-07-01T00:04:06Z","timestamp":1782864246274,"version":"3.54.5"},"publisher-location":"Cham","reference-count":38,"publisher":"Springer Nature Switzerland","isbn-type":[{"value":"9783032161642","type":"print"},{"value":"9783032161659","type":"electronic"}],"license":[{"start":{"date-parts":[[2026,1,1]],"date-time":"2026-01-01T00:00:00Z","timestamp":1767225600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2026,1,1]],"date-time":"2026-01-01T00:00:00Z","timestamp":1767225600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2026]]},"DOI":"10.1007\/978-3-032-16165-9_23","type":"book-chapter","created":{"date-parts":[[2026,4,19]],"date-time":"2026-04-19T22:57:23Z","timestamp":1776639443000},"page":"378-396","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Hardware Performance Counters for\u00a0Anomaly Detection in\u00a0Embedded Devices"],"prefix":"10.1007","author":[{"given":"Victor","family":"Breux","sequence":"first","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Pierre-Henri","family":"Thevenon","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"297","published-online":{"date-parts":[[2026,4,1]]},"reference":[{"key":"23_CR1","unstructured":"Cpuminer-multi. https:\/\/github.com\/tpruvot\/cpuminer-multi. Accessed 25 Apr 2025"},{"key":"23_CR2","unstructured":"Hydra. https:\/\/www.kali.org\/tools\/hydra\/. Accessed 25 Apr 2025"},{"key":"23_CR3","unstructured":"PAPI: the performance application programming interface. https:\/\/hpc.llnl.gov\/software\/development-environment-software\/papi-performance-application-programming-interface. Accessed 25 Apr 2025"},{"key":"23_CR4","unstructured":"perf: Linux profiling with performance counters. https:\/\/perfwiki.github.io\/main\/. Accessed 25 Apr 2025"},{"key":"23_CR5","unstructured":"STM32MP157F-DK2 - DISCOVERY KIT WITH STM32MP157F MPU. https:\/\/www.st.com\/en\/evaluation-tools\/stm32mp157f-dk2.html. Accessed 21 Jan 2025"},{"key":"23_CR6","doi-asserted-by":"crossref","unstructured":"Adhikari, S., Asad, H., Jones, K.: Enhancing IoT security: novel mechanisms for malware detection using HPCs and neural networks. In: 2023 IEEE 22nd International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom), pp. 1455\u20131463. IEEE, Exeter (2023). 10.1109\/TrustCom60117.2023.00199","DOI":"10.1109\/TrustCom60117.2023.00199"},{"key":"23_CR7","doi-asserted-by":"crossref","unstructured":"Alves, T.R., Buratto, M., de Souza, F.M., Rodrigues, T.V.: OpenPLC: an open source alternative to automation. In: IEEE Global Humanitarian Technology Conference (GHTC 2014), pp. 585\u2013589 (2014). 10.1109\/GHTC.2014.6970342","DOI":"10.1109\/GHTC.2014.6970342"},{"key":"23_CR8","doi-asserted-by":"crossref","unstructured":"Anand, P.M., Charan, P.V.S., Shukla, S.K.: HiPeR - early detection of a ransomware attack using hardware performance counters. Dig. Threats 4(3), 1\u201324 (2023). 10.1145\/3608484","DOI":"10.1145\/3608484"},{"key":"23_CR9","doi-asserted-by":"crossref","unstructured":"Bourdon, M., et al.: Hardware-performance-counters-based anomaly detection in massively deployed smart industrial devices. In: 2020 IEEE 19th International Symposium on Network Computing and Applications (NCA), pp. 1\u20138. IEEE, Cambridge (2020). 10.1109\/NCA51143.2020.9306726","DOI":"10.1109\/NCA51143.2020.9306726"},{"key":"23_CR10","doi-asserted-by":"crossref","unstructured":"Das, S., Chen, B., Chandramohan, M., Liu, Y., Zhang, W.: ROPSentry: runtime defense against ROP attacks using hardware performance counters. Comput. Secur. 73, 374\u2013388 (2018). 10.1016\/j.cose.2017.11.011","DOI":"10.1016\/j.cose.2017.11.011"},{"key":"23_CR11","doi-asserted-by":"crossref","unstructured":"Das, S., Werner, J., Antonakakis, M., Polychronakis, M., Monrose, F.: SoK: the challenges, pitfalls, and perils of using hardware performance counters for security. In: 2019 IEEE Symposium on Security and Privacy (SP), pp. 20\u201338 (2019). 10.1109\/SP.2019.00021","DOI":"10.1109\/SP.2019.00021"},{"key":"23_CR12","doi-asserted-by":"crossref","unstructured":"Demme, J., et al.: On the feasibility of online malware detection with performance counters. ACM SIGARCH Comput. Architect. News 41(3), 559\u2013570 (2013). 10.1145\/2508148.2485970","DOI":"10.1145\/2508148.2485970"},{"key":"23_CR13","doi-asserted-by":"crossref","unstructured":"Fulcher, B.D.: Feature-based time-series analysis (2017). 10.48550\/arXiv.1709.08055","DOI":"10.1201\/9781315181080-4"},{"key":"23_CR14","unstructured":"Guyon, I., Elisseeff, A.: An introduction to variable and feature selection. J. Mach. Learn. Res. 3(null), 1157\u20131182 (2003)"},{"key":"23_CR15","doi-asserted-by":"crossref","unstructured":"Kadiyala, S.P., Jadhav, P., Lam, S.K., Srikanthan, T.: Hardware performance counter-based fine-grained malware detection. ACM Trans. Embed. Comput. Syst. 19(5), 1\u201317 (2020). 10.1145\/3403943","DOI":"10.1145\/3403943"},{"key":"23_CR16","doi-asserted-by":"crossref","unstructured":"Konstantinou, C., Wang, X., Krishnamurthy, P., Khorrami, F., Maniatakos, M., Karri, R.: HPC-based malware detectors actually work: transition to practice after a decade of research. IEEE Design Test 39(4), 23\u201332 (2022). 10.1109\/MDAT.2022.3143438","DOI":"10.1109\/MDAT.2022.3143438"},{"key":"23_CR17","doi-asserted-by":"crossref","unstructured":"Kraskov, A., St\u00f6gbauer, H., Grassberger, P.: Estimating mutual information. Phys. Rev. E, Statist., Nonlinear, Soft Matter Phys. 69(6 Pt 2), 066138 (2004). 10.1103\/PhysRevE.69.066138","DOI":"10.1103\/PhysRevE.69.066138"},{"key":"23_CR18","doi-asserted-by":"crossref","unstructured":"Krishnamurthy, P., Karri, R., Khorrami, F.: Anomaly detection in real-time multi-threaded processes using hardware performance counters. IEEE Trans. Inf. Forensics Secur. 15, 666\u2013680 (2020). 10.1109\/TIFS.2019.2923577","DOI":"10.1109\/TIFS.2019.2923577"},{"key":"23_CR19","doi-asserted-by":"crossref","unstructured":"Kuruvila, A.P., Karmakar, S., Basu, K.: Time series-based malware detection using hardware performance counters. In: 2021 IEEE International Symposium on Hardware Oriented Security and Trust (HOST), pp. 102\u2013112. IEEE, Tysons Corner (2021). 10.1109\/HOST49136.2021.9702291","DOI":"10.1109\/HOST49136.2021.9702291"},{"key":"23_CR20","doi-asserted-by":"crossref","unstructured":"Kuruvila, A.P., Meng, X., Kundu, S., Pandey, G., Basu, K.: Explainable machine learning for intrusion detection via hardware performance counters. IEEE Trans. Comput.-Aided Des. Integr. Circ. Syst. 41(11), 4952\u20134964 (2022). 10.1109\/TCAD.2022.3149745","DOI":"10.1109\/TCAD.2022.3149745"},{"key":"23_CR21","doi-asserted-by":"crossref","unstructured":"Mushtaq, M., Akram, A., Bhatti, M.K., Chaudhry, M., Lapotre, V., Gogniat, G.: Nights-watch: a cache-based side-channel intrusion detector using hardware performance counters. In: Proceedings of the 7th International Workshop on Hardware and Architectural Support for Security and Privacy, pp.\u00a01\u20138 (2018)","DOI":"10.1145\/3214292.3214293"},{"key":"23_CR22","doi-asserted-by":"crossref","unstructured":"Nascimento, P.P.D., Pereira, P., Mialaret, J.M., Ferreira, I., Maciel, P.: A methodology for selecting hardware performance counters for supporting non-intrusive diagnostic of flood DDoS attacks on web servers. Comput. Secur. 110, 102434 (2021). 10.1016\/j.cose.2021.102434","DOI":"10.1016\/j.cose.2021.102434"},{"key":"23_CR23","doi-asserted-by":"crossref","unstructured":"Olani, G., Wu, C.F., Chang, Y.H., Shih, W.K.: DeepWare: imaging performance counters with deep learning to detect ransomware. IEEE Trans. Comput.,\u00a01\u20131 (2022). 10.1109\/TC.2022.3173149","DOI":"10.1109\/TC.2022.3173149"},{"key":"23_CR24","doi-asserted-by":"crossref","unstructured":"Omotosho, A., Welearegai, G.B., Hammer, C.: Detecting return-oriented programming on firmware-only embedded devices using hardware performance counters. In: Proceedings of the 37th ACM\/SIGAPP Symposium on Applied Computing, pp. 510\u2013519. ACM, Virtual Event (2022). 10.1145\/3477314.3507108","DOI":"10.1145\/3477314.3507108"},{"key":"23_CR25","doi-asserted-by":"crossref","unstructured":"Oshana, R., Thornton, M.A., Larson, E.C., Roumegue, X.: Real-time edge processing detection of malicious attacks using machine learning and processor core events. In: 2021 IEEE International Systems Conference (SysCon), pp.\u00a01\u20138. IEEE, Vancouver (2021). 10.1109\/SysCon48628.2021.9447078","DOI":"10.1109\/SysCon48628.2021.9447078"},{"key":"23_CR26","doi-asserted-by":"crossref","unstructured":"Polychronou, N.F., Thevenon, P.H., Puys, M., Beroulle, V.: A hybrid solution for constrained devices to detect microarchitectural attacks. In: 2023 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW), pp. 259\u2013269 (2023). 10.1109\/EuroSPW59978.2023.00033","DOI":"10.1109\/EuroSPW59978.2023.00033"},{"key":"23_CR27","unstructured":"Pundir, N., Tehranipoor, M., Rahman, F.: RanStop: a hardware-assisted runtime crypto-ransomware detection technique (2020). 10.48550\/arXiv.2011.12248"},{"key":"23_CR28","doi-asserted-by":"crossref","unstructured":"Satilmi\u015f, H., Akleylek, S., Tok, Z.Y.: A systematic literature review on host-based intrusion detection systems. IEEE Access 12, 27237\u201327266 (2024). 10.1109\/ACCESS.2024.3367004","DOI":"10.1109\/ACCESS.2024.3367004"},{"key":"23_CR29","doi-asserted-by":"crossref","unstructured":"Sayadi, H., et al.: Towards accurate run-time hardware-assisted stealthy malware detection: a lightweight, yet effective time series CNN-based approach. Cryptography 5(4), 28 (2021). 10.3390\/cryptography5040028","DOI":"10.3390\/cryptography5040028"},{"key":"23_CR30","doi-asserted-by":"crossref","unstructured":"Singh, B., Evtyushkin, D., Elwell, J., Riley, R., Cervesato, I.: On the detection of kernel-level rootkits using hardware performance counters. In: Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security, pp. 483\u2013493. ACM, Abu Dhabi United Arab Emirates (2017). 10.1145\/3052973.3052999","DOI":"10.1145\/3052973.3052999"},{"key":"23_CR31","doi-asserted-by":"crossref","unstructured":"Singh, Y., Kuruvila, A.P., Basu, K.: Hardware-assisted detection of malware in automotive-based systems. In: 2021 Design, Automation & Test in Europe Conference & Exhibition (DATE), pp. 1763\u20131768. IEEE, Grenoble (2021). 10.23919\/DATE51398.2021.9474053","DOI":"10.23919\/DATE51398.2021.9474053"},{"key":"23_CR32","unstructured":"Thevenon, P., et al.: iMRC: integrated monitoring & recovery component, a solution to guarantee the security of embedded systems. J. Internet Serv. Inf. Secur. 12(2), 70\u201394 (2022). 10.22667\/JISIS.2022.05.31.070"},{"key":"23_CR33","doi-asserted-by":"crossref","unstructured":"Wang, H., Sayadi, H., Pudukotai\u00a0Dinakarrao, S.M., Sasan, A., Rafatirad, S., Homayoun, H.: Enabling micro AI for securing edge devices at hardware level. IEEE J. Emerg. Sel. Top. Circuits Syst. 11(4), 803\u2013815 (2021). 10.1109\/JETCAS.2021.3126816","DOI":"10.1109\/JETCAS.2021.3126816"},{"key":"23_CR34","doi-asserted-by":"crossref","unstructured":"Wang, X., Karri, R.: NumChecker: detecting kernel control-flow modifying rootkits by using hardware performance counters. In: Proceedings of the 50th Annual Design Automation Conference, DAC \u201913. Association for Computing Machinery, New York (2013). 10.1145\/2463209.2488831","DOI":"10.1145\/2463209.2488831"},{"key":"23_CR35","doi-asserted-by":"crossref","unstructured":"Wang, X., Karri, R.: Reusing hardware performance counters to detect and identify kernel control-flow modifying rootkits. IEEE Trans. Comput.-Aided Des. Integr. Circuits Syst. 35(3), 485\u2013498 (2016). 10.1109\/TCAD.2015.2474374","DOI":"10.1109\/TCAD.2015.2474374"},{"key":"23_CR36","doi-asserted-by":"crossref","unstructured":"Woralert, C., Liu, C., Blasingame, Z.: HARD-Lite: a lightweight hardware anomaly realtime detection framework targeting ransomware. IEEE Trans. Circuits Syst. I: Regul. Pap. 70(12), 5036\u20135047 (2023). 10.1109\/TCSI.2023.3299532","DOI":"10.1109\/TCSI.2023.3299532"},{"key":"23_CR37","doi-asserted-by":"crossref","unstructured":"Woralert, C., Liu, C., Blasingame, Z., Yang, Z.: A comparison of one-class and two-class models for ransomware detection via low-level hardware information. In: 2023 Asian Hardware Oriented Security and Trust Symposium (AsianHOST), pp.\u00a01\u20136. IEEE, Tianjin (2023). 10.1109\/AsianHOST59942.2023.10409333","DOI":"10.1109\/AsianHOST59942.2023.10409333"},{"key":"23_CR38","doi-asserted-by":"publisher","unstructured":"Zhou, H., Wu, X., Shi, W., Yuan, J., Liang, B.: HDROP: detecting ROP attacks using performance monitoring counters. In: Information Security Practice and Experience, vol.\u00a08434, pp. 172\u2013186. Springer International Publishing, Cham (2014). https:\/\/doi.org\/10.1007\/978-3-319-06320-1_14. series Title: Lecture Notes in Computer Science","DOI":"10.1007\/978-3-319-06320-1_14"}],"container-title":["Lecture Notes in Computer Science","Computer Security. ESORICS 2025 International Workshops"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-032-16165-9_23","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,6,30]],"date-time":"2026-06-30T23:36:55Z","timestamp":1782862615000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-032-16165-9_23"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2026]]},"ISBN":["9783032161642","9783032161659"],"references-count":38,"URL":"https:\/\/doi.org\/10.1007\/978-3-032-16165-9_23","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2026]]},"assertion":[{"value":"1 April 2026","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"ESORICS","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"European Symposium on Research in Computer Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Toulouse","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"France","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2025","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"22 September 2025","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"26 September 2025","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"30","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"esorics2025","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/www.esorics2025.org\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}