Anomalous behavior detection in processor based systems

1 . A method for anomaly detection in a processor based system, the method comprising: training a deep learning sequence prediction model using observed baseline behavioral sequences of at least one processor behavior of the processor based system; predicting baseline behavioral sequences from the observed baseline behavioral sequences using the sequence prediction model; determining a baseline reconstruction error distribution profile using the baseline behavioral sequences and the predicted baseline behavioral sequences; predicting test behavioral sequences from observed, test behavioral sequences using the sequence prediction model; determining a testing reconstruction error distribution profile using the observed test behavioral sequences and the predicted test behavioral sequences; and comparing the baseline reconstruction error distribution profile to the testing reconstruction error distribution profile to determine if an anomaly exists in a processor behavior of the processor based system. 2 . The method of claim 1 , wherein if the comparison determines a shift between the baseline reconstruction error distribution profile and the testing reconstruction error distribution profile, an anomaly is determined to exist in a processor behavior of the processor based system. 3 . The method of claim 1 , wherein the comparison is performed using a statistical, two-sample test. 4 . The method of claim 1 , wherein the baseline reconstruction error distribution profile is compared to the testing reconstruction error distribution profile using a Kolmogorov-Smirnov Test. 5 . The method of claim 4 , wherein if the Kolmogorov-Smirnov Test determines a shift between the baseline reconstruction error distribution profile and the testing reconstruction error distribution profile, an anomaly is assumed to exist in a processor behavior of the processor based system. 6 . The method of claim 1 , wherein the deep learning sequence prediction model is trained using temporal sequences of the processor behavior to characterize processor behavior over time. 7 . The method of claim 1 , wherein at least one of the observed baseline behavioral sequences and the observed, test behavioral sequences comprise a distribution of at least one of instructions and events. 8 . The method of claim 1 , further comprising alerting a user of the processor based system of the existence of an anomaly in the processor based system. 9 . The method of claim 1 , wherein a number of behavioral sequences used to train the deep learning sequence prediction model is dependent upon a granularity desired for characterizing behaviors of the processor. 10 . The method of claim 1 , comprising using sensors to observe the processor behavioral sequences, wherein the processor behaviors are monitored using at least one respective sensor for each processor behavior. 11 . The method of claim 1 , wherein the identification of the anomaly in the processor based system alerts to the possible existence of malware in the processor based system. 12 . An apparatus in a processor based system for anomaly detection, comprising: a sequence generator module to: train a deep learning sequence prediction model using baseline behavioral sequences of at least one processor behavior of the processor based system observed by at least one sensor; predict baseline behavioral sequences from the observed baseline behavioral sequences using the sequence prediction model; determine a baseline reconstruction error distribution profile using the baseline behavioral sequences and the predicted baseline behavioral sequences; predict test behavioral sequences from test behavioral sequences observed by the at least one sensor using the sequence prediction model; and determine a testing reconstruction error distribution profile using the observed test behavioral sequences and the predicted test behavioral sequences; and a sequence analysis module to: compare the baseline reconstruction error distribution profile to the testing reconstruction error distribution profile to determine if an anomaly exists in a processor behavior of the processor based system. 13 . The apparatus of claim 12 , further comprising a reporter module to generate a report including a summary of a result of the sequence analysis module. 14 . The apparatus of claim 13 , wherein the reporter module alerts a user of the processor based system of the existence of an anomaly in the processor based system. 15 . The apparatus of claim 12 , wherein the at least one sensor comprises a hardware performance counter. 16 . The apparatus of claim 12 , wherein if the sequence analysis module determines a shift between the baseline reconstruction error distribution profile and the testing reconstruction error distribution profile, an anomaly is determined to exist in a processor behavior of the processor based system. 17 . The apparatus of claim 12 , wherein the baseline reconstruction error distribution profile is compared to the testing reconstruction error distribution profile using a Kolmogorov-Smirnov Test and wherein if the Kolmogorov-Smirnov Test determines a shift between the baseline reconstruction error distribution profile and the testing reconstruction error distribution profile, an anomaly is assumed to exist in a processor behavior of the processor based system. 18 . The apparatus of claim 12 , wherein if the sequence analysis module determines that an anomaly exists in the processor based system, the apparatus alerts to the possible existence of malware in the processor based system. 19 . A processor based system for anomaly detection, comprising: at least one sensor observing processor functionality of a processor of the processor based system; a computing platform, comprising: at least one processor; and a memory coupled to the processor, the memory having stored therein at least one of programs or instructions executable by the at least one processor to configure the computing platform to: train a deep learning sequence prediction model using baseline behavioral sequences of the at least one processor observed by the at least one sensor; predict baseline behavioral sequences from the observed baseline behavioral sequences using the sequence prediction model; determine a baseline reconstruction error distribution profile using the baseline behavioral sequences and the predicted baseline behavioral sequences; predict test behavioral sequences from test behavioral sequences observed by the at least one sensor using the sequence prediction model; determine a testing reconstruction error distribution profile using the observed test behavioral sequences and the predicted test behavioral sequences; and compare the baseline reconstruction error distribution profile to the testing reconstruction error distribution profile to determine if an anomaly exists in a processor behavior of the processor based system. 20 . A non-transitory computer-readable medium having stored thereon at least one program, the at least one program including instructions which, when executed by a processor, cause the processor to perform a method in a processor based system for anomaly detection, comprising: training a deep learning sequence prediction model using observed baseline behavioral sequences of at least one processor behavior of the processor based system; predicting baseline behavioral sequences from the observed baseline behavioral sequences using the sequence prediction model; determining a basel