Learning Execution Contexts from System Call Distribution for Anomaly Detection in Smart Embedded System
Title | Learning Execution Contexts from System Call Distribution for Anomaly Detection in Smart Embedded System |
Publication Type | Conference Paper |
Year of Publication | 2017 |
Authors | Yoon, Man-Ki; Mohan, Sibin; Choi, Jaesik; Christodorescu, Mihai; Sha, Lui |
Conference Name | Proceedings of the Second International Conference on Internet-of-Things Design and Implementation |
Publisher | ACM |
Conference Location | New York, NY, USA |
ISBN Number | 978-1-4503-4966-6 |
Keywords | anomaly detection, cyber physical systems, Embedded systems, Metrics, pubcrawl, resilience, Resiliency, Scalability, security, Time Frequency Analysis |
Abstract | Existing techniques used for anomaly detection do not fully utilize the intrinsic properties of embedded devices. In this paper, we propose a lightweight method for detecting anomalous executions using a distribution of system call frequencies. We use a cluster analysis to learn the legitimate execution contexts of embedded applications and then monitor them at run-time to capture abnormal executions. Our prototype applied to a real-world open-source embedded application shows that the proposed method can effectively detect anomalous executions without relying on sophisticated analyses or affecting the critical execution paths. |
URL | https://dl.acm.org/citation.cfm?doid=3054977.3054999 |
DOI | 10.1145/3054977.3054999 |
Citation Key | yoon_learning_2017 |