Intrusion Detection System for Embedded Systems

Abstract

Embedded devices are widely used in modern life. Smart meters are installed at homes, measure electricity consumption, and provide a two-way communication with the utility server. Modern cars consist of tens of Electronic Control Units (ECU) that control different components of the car such as speed, door locks, and breaks. Medical devices such as pacemakers and insulin pumps are implanted in the bodies of patients, and control their heart rate and insulin level. These devices are performing critical tasks and hence, their security is important. However, in recent years, researchers have found vulnerabilities in all these classes of devices, and have successfully demonstrated attacks against them. Given the critical nature of use cases of embedded systems, building Intrusion Detection System (IDS) for them is a necessity. However, embedded systems have constraints that make building IDS for them challenging. One of these constraints is memory. Memory capacity of embedded devices may be as small as several hundreds of kilobytes. This makes traditional solutions for building IDSes unusable. In my research, we analyze the security of embedded devices. Based on the results of my analysis, we develop techniques to automatically build IDSes for embedded devices, within their memory capacity, while optimizing the detection rate of the IDS with respect to the user's criteria. This research, makes developing IDSes for different classes of embedded systems, and with different memory capacities easier, and improves their security.