2nd IEEE/ACM International Conference on Internet-of-Things Design and Implementation, IoTDI 2017, pp. 191-196
Abstract
Existing techniques used for anomaly detection do not fully utilize the intrinsic properties of embedded devices. In this paper, we propose a lightweight method for detecting anomalous executions using a distribution of system call frequencies. We use cluster analysis to learn the legitimate execution contexts of embedded applications and then monitor them at run-time to capture abnormal executions. Our prototype, applied to a real-world open-source embedded application, shows that the proposed method can effectively detect anomalous executions without relying on sophisticated analyses or affecting the critical execution paths.