A Lightweight Intrusion Detection System against IoT Memory Corruption Attacks

Abstract

Attacks against internet-of-things (IoT) end-devices represent a significant threat since their wireless communication capabilities provide a potential attack entry point. To address this threat, we demonstrate the use of hardware performance counters (HPCs) in a host-based intrusion detection system (HIDS). The counter-based monitors are customized to support IoT end-devices which use low data rate GHz and sub-GHz protocols. Our solution implements a hardware unit that performs data tracing for a 32-bit RISC-V based wireless connectivity unit. The unit can detect ongoing remote attacks in real time. We demonstrate the effectiveness of our system by detecting a packet injection exploit. Our FPGA implementation of HIDS has a logic overhead of about 6% and design frequency penalty of less than 1% for a RISC-V processor.