Syndrome: Spectral analysis for anomaly detection on medical IoT and embedded devices

2018 IEEE International Symposium on Hardware Oriented Security and Trust (HOST) Pub Date : 2018-04-01 DOI:10.1109/HST.2018.8383884

Nader Sehatbakhsh, Monjur Alam, A. Nazari, A. Zajić, Milos Prvulović

{"title":"Syndrome: Spectral analysis for anomaly detection on medical IoT and embedded devices","authors":"Nader Sehatbakhsh, Monjur Alam, A. Nazari, A. Zajić, Milos Prvulović","doi":"10.1109/HST.2018.8383884","DOIUrl":null,"url":null,"abstract":"Recent advances in embedded and IoT (internet-of-things) technologies are rapidly transforming health-care solutions and we are headed to a future of smaller, smarter, wearable and connected medical devices. IoT and advanced health sensors provide more convenience to patients and physicians. Where physicians can now wirelessly and automatically monitor patient's state. While these medical embedded devices provide a lot of new opportunities to improve the health care system, they also introduce a new set of security risks since they are connected to networks. More importantly, these devices are extremely hardware- and power-constrained, which in turn makes securing these devices more complex. Implementing complex malware detectors or anti-virus on these devices is either very costly or infeasible due to these limitations on power and resources. In this paper, we propose a new framework called SYNDROME for “externally” monitoring medical embedded devices. Our malware detector uses electromagnetic (EM) signals involuntary generated by the device as it executes a (medical) application in the absence of malware, and analyzes them to build a reference model. It then monitors the EM signals generated by the device during execution and reports an error if there is a statistically significant deviation from the reference model. To evaluate Syndrome, we use open-source software to implement a real-world medical device, called a Syringe Pump, on a variety of well-known embedded/IoT devices including Arduino Uno, FPGA Nios II soft-core, and two Linux IoT mini-computers: OlimexA13 and TS-7250. We also implement a control-flow hijack attack on SyringePump and use Syndrome to detect and stop the attack. Our experimental results show that using Syndrome, we can detect the attack for all the four devices with excellent accuracy (i.e. 0% false positive and 100% true positive) within few milliseconds after the attack starts.","PeriodicalId":6574,"journal":{"name":"2018 IEEE International Symposium on Hardware Oriented Security and Trust (HOST)","volume":"25 1","pages":"1-8"},"PeriodicalIF":0.0000,"publicationDate":"2018-04-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"44","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2018 IEEE International Symposium on Hardware Oriented Security and Trust (HOST)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/HST.2018.8383884","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 44

Abstract

Recent advances in embedded and IoT (internet-of-things) technologies are rapidly transforming health-care solutions and we are headed to a future of smaller, smarter, wearable and connected medical devices. IoT and advanced health sensors provide more convenience to patients and physicians. Where physicians can now wirelessly and automatically monitor patient's state. While these medical embedded devices provide a lot of new opportunities to improve the health care system, they also introduce a new set of security risks since they are connected to networks. More importantly, these devices are extremely hardware- and power-constrained, which in turn makes securing these devices more complex. Implementing complex malware detectors or anti-virus on these devices is either very costly or infeasible due to these limitations on power and resources. In this paper, we propose a new framework called SYNDROME for “externally” monitoring medical embedded devices. Our malware detector uses electromagnetic (EM) signals involuntary generated by the device as it executes a (medical) application in the absence of malware, and analyzes them to build a reference model. It then monitors the EM signals generated by the device during execution and reports an error if there is a statistically significant deviation from the reference model. To evaluate Syndrome, we use open-source software to implement a real-world medical device, called a Syringe Pump, on a variety of well-known embedded/IoT devices including Arduino Uno, FPGA Nios II soft-core, and two Linux IoT mini-computers: OlimexA13 and TS-7250. We also implement a control-flow hijack attack on SyringePump and use Syndrome to detect and stop the attack. Our experimental results show that using Syndrome, we can detect the attack for all the four devices with excellent accuracy (i.e. 0% false positive and 100% true positive) within few milliseconds after the attack starts.

查看原文本刊更多论文

症候群:用于医疗物联网和嵌入式设备异常检测的光谱分析

嵌入式和物联网(IoT)技术的最新进展正在迅速改变医疗保健解决方案，我们正在走向一个更小、更智能、可穿戴和互联医疗设备的未来。物联网和先进的健康传感器为患者和医生提供了更多便利。医生现在可以无线自动监控病人的状态。虽然这些医疗嵌入式设备为改善医疗保健系统提供了许多新的机会，但由于它们连接到网络，它们也引入了一系列新的安全风险。更重要的是，这些设备在硬件和功率方面受到极大的限制，这反过来又使保护这些设备变得更加复杂。由于功率和资源的限制，在这些设备上实现复杂的恶意软件检测器或反病毒程序要么非常昂贵，要么不可行。在本文中，我们提出了一个新的框架称为综合征“外部”监测医疗嵌入式设备。我们的恶意软件检测器使用设备在没有恶意软件的情况下执行(医疗)应用程序时非自愿产生的电磁(EM)信号，并对其进行分析以构建参考模型。然后，它监测设备在执行过程中产生的电磁信号，如果与参考模型存在统计上的显著偏差，则报告错误。为了评估Syndrome，我们使用开源软件在各种知名的嵌入式/物联网设备(包括Arduino Uno, FPGA Nios II软核和两台Linux物联网微型计算机:OlimexA13和TS-7250)上实现了一个名为注射器泵的真实医疗设备。我们还实现了对SyringePump的控制流劫持攻击，并使用综合征来检测和阻止攻击。我们的实验结果表明，使用综合征，我们可以在攻击开始后几毫秒内以极好的准确率(即0%假阳性和100%真阳性)检测到所有四个设备的攻击。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2018 IEEE International Symposium on Hardware Oriented Security and Trust (HOST)

自引率

0.00%

发文量