Learning Execution Contexts from System Call Distribution for Anomaly Detection in Smart Embedded System
Authors: Man-Ki Yoon, Sibin Mohan, Jaesik Choi, Mihai Christodorescu, L. Sha
Venue: 2017 IEEE/ACM Second International Conference on Internet-of-Things Design and Implementation (IoTDI)
DOI: 10.1145/3054977.3054999 (https://doi.org/10.1145/3054977.3054999)
Publication date: 2017-04-18
Citation count: 43 (Semantic Scholar)

Abstract
Existing techniques used for anomaly detection do not fully utilize the intrinsic properties of embedded devices. In this paper, we propose a lightweight method for detecting anomalous executions using a distribution of system call frequencies. We use a cluster analysis to learn the legitimate execution contexts of embedded applications and then monitor them at run-time to capture abnormal executions. Our prototype applied to a real-world open-source embedded application shows that the proposed method can effectively detect anomalous executions without relying on sophisticated analyses or affecting the critical execution paths.