Learning execution contexts from system call distribution for anomaly detection in smart embedded system

Man Ki Yoon, Sibin Mohan, Jaesik Choi, Mihai Christodorescu, Lui Sha

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

Existing techniques used for anomaly detection do not fully utilize the intrinsic properties of embedded devices. In this paper, we propose a lightweight method for detecting anomalous executions using a distribution of system call frequencies. We use a cluster analysis to learn the legitimate execution contexts of embedded applications and then monitor them at run-time to capture abnormal executions. Our prototype applied to a real-world open-source embedded application shows that the proposed method can effectively detect anomalous executions without relying on sophisticated analyses or affecting the critical execution paths.

Original languageEnglish (US)
Title of host publicationProceedings - 2017 IEEE/ACM 2nd International Conference on Internet-of-Things Design and Implementation, IoTDI 2017 (part of CPS Week)
PublisherAssociation for Computing Machinery
Pages191-196
Number of pages6
ISBN (Electronic)9781450349666
DOIs
StatePublished - Apr 18 2017
Event2nd IEEE/ACM International Conference on Internet-of-Things Design and Implementation, IoTDI 2017 - Pittsburgh, United States
Duration: Apr 18 2017Apr 20 2017

Publication series

NameProceedings - 2017 IEEE/ACM 2nd International Conference on Internet-of-Things Design and Implementation, IoTDI 2017 (part of CPS Week)

Other

Other2nd IEEE/ACM International Conference on Internet-of-Things Design and Implementation, IoTDI 2017
Country/TerritoryUnited States
CityPittsburgh
Period4/18/174/20/17

Keywords

  • Anomaly detection
  • Embedded systems
  • Security

ASJC Scopus subject areas

  • Hardware and Architecture
  • Control and Systems Engineering
  • Computer Networks and Communications

Fingerprint

Dive into the research topics of 'Learning execution contexts from system call distribution for anomaly detection in smart embedded system'. Together they form a unique fingerprint.

Cite this