@inproceedings{1ec0c1d8ea854cc4a85de4b3b5b384af,
title = "Learning execution contexts from system call distribution for anomaly detection in smart embedded system",
abstract = "Existing techniques used for anomaly detection do not fully utilize the intrinsic properties of embedded devices. In this paper, we propose a lightweight method for detecting anomalous executions using a distribution of system call frequencies. We use a cluster analysis to learn the legitimate execution contexts of embedded applications and then monitor them at run-time to capture abnormal executions. Our prototype applied to a real-world open-source embedded application shows that the proposed method can effectively detect anomalous executions without relying on sophisticated analyses or affecting the critical execution paths.",
keywords = "Anomaly detection, Embedded systems, Security",
author = "Yoon, {Man Ki} and Sibin Mohan and Jaesik Choi and Mihai Christodorescu and Lui Sha",
note = "Publisher Copyright: {\textcopyright} 2017 ACM.; 2nd IEEE/ACM International Conference on Internet-of-Things Design and Implementation, IoTDI 2017 ; Conference date: 18-04-2017 Through 20-04-2017",
year = "2017",
month = apr,
day = "18",
doi = "10.1145/3054977.3054999",
language = "English (US)",
series = "Proceedings - 2017 IEEE/ACM 2nd International Conference on Internet-of-Things Design and Implementation, IoTDI 2017 (part of CPS Week)",
publisher = "Association for Computing Machinery",
pages = "191--196",
booktitle = "Proceedings - 2017 IEEE/ACM 2nd International Conference on Internet-of-Things Design and Implementation, IoTDI 2017 (part of CPS Week)",
address = "United States",
}