
Title: Learning Execution Contexts from System Call Distributions for Intrusion Detection in Embedded Systems

Abstract: Existing techniques used for intrusion detection do not fully utilize the intrinsic properties of embedded systems. In this paper, we propose a lightweight method for detecting anomalous executions using a distribution of system call frequencies. We use a cluster analysis to learn the legitimate execution contexts of embedded applications and then monitor them at run-time to capture abnormal executions. We also present an architectural framework with minor processor modifications to aid in this process. Our prototype shows that the proposed method can effectively detect anomalous executions without relying on sophisticated analyses or affecting the critical execution paths.
Subjects: Cryptography and Security (cs.CR)
Cite as: arXiv:1501.05963 [cs.CR]
  (or arXiv:1501.05963v2 [cs.CR] for this version)

Submission history

From: Man-Ki Yoon
[v1] Fri, 23 Jan 2015 21:28:02 GMT (2353kb)
[v2] Sun, 2 Aug 2015 04:33:17 GMT (2211kb,D)
