SPMOS-Based Intrusion Detection Architecture

Abstract

Security of embedded systems is becoming more and more important. IDS (instrusion detection system) has been designed to protect systems from being compromised by network attacks. A lot of researches have been done on it. However, most of them focus on complex and time-consuming detection methods to improve accuracy of the system, with assumption that IDS is running under control of general purpose operating systems (GPOS). In this way, the IDS itself will depress overall performance and cannot be guaranteed secure. In this paper, we present an embedded architecture of SPMOS-based IDS. SPMOS, located in SPM, is a little OS running under GPOS. Experiment results show that the architecture is fast. Based on this, we also design a simple IDS and conduct tests by integrating it into SPMOS and GPOS. The former consumes the latter's 8.3% time only, with less than 6.2% overhead, which verifies the architecture proposed is practical and efficient.