Lightweight Intrusion Detection for Resource-Constrained Embedded Control Systems

Abstract: Securing embedded control systems presents a unique challenge. In addition to the resource restrictions inherent to embedded devices, embedded control systems must accommodate strict, non-negotiable timing requirements, and their massive scale greatly increases other costs such as power consumption. These constraints render conventional host-based intrusion detection – using a hypervisor to create a safe environment under which a monitoring entity can operate – costly and impractical. This paper describes the design and implementation of Autoscopy, an experimental host-based intrusion detection system that operates from within the kernel and leverages its built-in tracing framework to identify control flow anomalies that are often caused by rootkits hijacking kernel hooks. Experimental tests demonstrate that Autoscopy can detect representative control flow hijacking techniques while maintaining a low performance overhead.
Document type:
Conference paper
Jonathan Butts; Sujeet Shenoi. 5th International Conference Critical Infrastructure Protection (ICCIP), Mar 2011, Hanover, NH, United States. Springer, IFIP Advances in Information and Communication Technology, AICT-367, pp.31-46, 2011, Critical Infrastructure Protection V. 〈10.1007/978-3-642-24864-1_3〉
Cited literature [29 references]

https://hal.inria.fr/hal-01571779
Contributor: Hal Ifip
Submitted on: Thursday, August 3, 2017 - 15:03:57
Last modified on: Thursday, November 23, 2017 - 15:34:02

File

978-3-642-24864-1_3_Chapter.pd...
Files produced by the author(s)

License

Distributed under a Creative Commons Attribution 4.0 International License

Citation

Jason Reeves, Ashwin Ramaswamy, Michael Locasto, Sergey Bratus, Sean Smith. Lightweight Intrusion Detection for Resource-Constrained Embedded Control Systems. Jonathan Butts; Sujeet Shenoi. 5th International Conference Critical Infrastructure Protection (ICCIP), Mar 2011, Hanover, NH, United States. Springer, IFIP Advances in Information and Communication Technology, AICT-367, pp.31-46, 2011, Critical Infrastructure Protection V. 〈10.1007/978-3-642-24864-1_3〉. 〈hal-01571779〉

Metrics

Record views

285

File downloads

29