Learning Execution Contexts from System Call Distribution for Anomaly Detection in Smart Embedded System
Existing techniques used for anomaly detection do not fully utilize the intrinsic properties of embedded devices. In this paper, we propose a lightweight method for detecting anomalous executions using a distribution of system call frequencies. We use a cluster analysis to learn the legitimate execution contexts of embedded applications and then monitor them at run-time to capture abnormal executions. Our prototype applied to a real-world open-source embedded application shows that the proposed method can effectively detect anomalous executions without relying on sophisticated analyses or affecting the critical execution paths.
- Publisher
- IoTDI
- Issue Date
- 2017-04-20
- Language
- English
- Citation
2nd IEEE/ACM International Conference on Internet-of-Things Design and Implementation, IoTDI 2017, pp.191 - 196
- Appears in Collection
- Files in This Item
- There are no files associated with this item.
Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.