Hierarchical framework for runtime intrusion detection in embedded systems

Bibliographic Details
Main Authors: Muhamed Fauzi Bin Abbas, Prakash, Alok, Srikanthan, Thambipillai
Other Authors: School of Computer Science and Engineering
Format: Conference or Workshop Item
Language: English
Published: 2021
Subjects:
Online Access: https://hdl.handle.net/10356/147718
Institution: Nanyang Technological University
Description
Summary: Existing intrusion detection systems typically rely on one or a few features to detect anomalies or intrusion in a system. Their ability to successfully detect intrusion largely hinges on these limited features, which often do not provide for a comprehensive and runtime detection, especially necessitated in the multitude of embedded devices used in critical systems. To overcome this limitation of existing intrusion detection systems, this paper proposes a lightweight runtime hierarchical multimodal intrusion detection framework that can be realized on resource-constrained embedded systems. This work relies on various features such as power trace, System Call (SYSCALL) trace and Hardware Performance Counter (HPC) by leveraging the strengths of the individual features and combining them intelligently to overcome their individual limitations. Using a number of case studies, the proposed framework has been shown to reliably detect intrusion of different types at runtime, while still being sufficiently lightweight to be deployed in resource-constrained embedded systems.