English

Learning Execution Contexts from System Call Distributions for Intrusion Detection in Embedded Systems

Cryptography and Security 2015-08-04 v2

Abstract

Existing techniques used for intrusion detection do not fully utilize the intrinsic properties of embedded systems. In this paper, we propose a lightweight method for detecting anomalous executions using a distribution of system call frequencies. We use a cluster analysis to learn the legitimate execution contexts of embedded applications and then monitor them at run-time to capture abnormal executions. We also present an architectural framework with minor processor modifications to aid in this process. Our prototype shows that the proposed method can effectively detect anomalous executions without relying on sophisticated analyses or affecting the critical execution paths.

Keywords

Cite

@article{arxiv.1501.05963,
  title  = {Learning Execution Contexts from System Call Distributions for Intrusion Detection in Embedded Systems},
  author = {Man-Ki Yoon and Sibin Mohan and Jaesik Choi and Mihai Christodorescu and Lui Sha},
  journal= {arXiv preprint arXiv:1501.05963},
  year   = {2015}
}
R2 v1 2026-06-22T08:11:41.876Z