Learning execution contexts from system call distribution for anomaly detection in smart embedded system

41 citations of this article. 32 Mendeley users have this article in their library.

Abstract

Existing techniques used for anomaly detection do not fully utilize the intrinsic properties of embedded devices. In this paper, we propose a lightweight method for detecting anomalous executions using a distribution of system call frequencies. We use a cluster analysis to learn the legitimate execution contexts of embedded applications and then monitor them at run-time to capture abnormal executions. Our prototype applied to a real-world open-source embedded application shows that the proposed method can effectively detect anomalous executions without relying on sophisticated analyses or affecting the critical execution paths.

Citation (APA)

Yoon, M. K., Mohan, S., Choi, J., Christodorescu, M., & Sha, L. (2017). Learning execution contexts from system call distribution for anomaly detection in smart embedded system. In Proceedings - 2017 IEEE/ACM 2nd International Conference on Internet-of-Things Design and Implementation, IoTDI 2017 (part of CPS Week) (pp. 191–196). Association for Computing Machinery, Inc. https://doi.org/10.1145/3054977.3054999
