Detecting Abnormalities in IoT Program Executions through Control-Flow-Based Features

Agarwal, Akash; Dawson, Samuel; McKee, Derrick; Eugster, Patrick; Tancreti, Matthew; Sundaram, Vinaitheerthan

doi:10.1145/3054977.3057312

Cited by 9 publications

(8 citation statements)

References 8 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…On top of that, it requires the addition of annotations to the smart meter software by its developers. The work of Agarwal et al [1] presents a concept for anomaly detection that uses context-sensitive features based on Ball-Larus path profiling. However, this approach requires the source code be instrumented, which facilitates the recording of function calls during execution.…”

Section: Discussionmentioning

confidence: 99%

“…Therefore, an attacker is able to find it using a custom scanner or any publicly available services such as Shodan. 1 The attacker is also capable to scan an IoT device in order to reveal open ports and identify running network services. Finally, we consider that an attacker is capable of exploiting a (potential zero-day) vulnerability on an IoT device through one of the network services running on the device.…”

Section: Attacker Modelmentioning

confidence: 99%

See 1 more Smart Citation

HADES-IoT: A Practical Host-Based Anomaly Detection System for IoT Devices (Extended Version)

Breitenbacher¹,

Homoliak²,

Aung³

et al. 2019

Preprint

View full text Add to dashboard Cite

Internet of Things (IoT) devices have become ubiquitous and are spread across many application domains including the industry, transportation, healthcare, and households. However, the proliferation of the IoT devices has raised the concerns about their security, especially when observing that many manufacturers focus only on the core functionality of their products due to short time to market and low cost pressures, while neglecting security aspects. Moreover, it does not exist any established or standardized method for measuring and ensuring the security of IoT devices. Consequently, vulnerabilities are left untreated, allowing attackers to exploit IoT devices for various purposes, such as compromising privacy, recruiting devices into a botnet, or misusing devices to perform cryptocurrency mining.In this paper, we present a practical Host-based Anomaly DEtection System for IoT (HADES-IoT) that represents the last line of defense. HADES-IoT has proactive detection capabilities, provides tamper-proof resistance, and it can be deployed on a wide range of Linux-based IoT devices. The main advantage of HADES-IoT is its low performance overhead, which makes it suitable for the IoT domain, where state-of-the-art approaches cannot be applied due to their high-performance demands. We deployed HADES-IoT on seven IoT devices to evaluate its effectiveness and performance overhead. Our experiments show that HADES-IoT achieved 100% effectiveness in the detection of current IoT malware such as VP-NFilter and IoTReaper; while on average, requiring only 5.5% of available memory and causing only a low CPU load.

show abstract

Section: Discussionmentioning

confidence: 99%

Section: Attacker Modelmentioning

confidence: 99%

HADES-IoT: A Practical Host-Based Anomaly Detection System for IoT Devices (Extended Version)

Breitenbacher¹,

Homoliak²,

Aung³

et al. 2019

Preprint

View full text Add to dashboard Cite

show abstract

“…TrustLite envisions hardware-enforced isolation of software modules that provides trusted computing execution. Furthermore, Agarwal et al [2] proposed an approach that relies on context-sensitive features for improving the detection of abnormal programs executions. These techniques and S×C4IoT are not mutually exclusive and they can be federated for achieving a secure IoT framework.…”

Section: Malware Operating Within Contracts Boundariesmentioning

confidence: 99%

S×C4IoT: A Security-by-contract Framework for Dynamic Evolving IoT Devices

Giaretta

Dragoni

Massacci

2021

ACM Trans. Sen. Netw.

View full text Add to dashboard Cite

The Internet of Things (IoT) revolutionised the way devices, and human beings, cooperate and interact. The interconnectivity and mobility brought by IoT devices led to extremely variable networks, as well as unpredictable information flows. In turn, security proved to be a serious issue for the IoT, far more serious than it has been in the past for other technologies. We claim that IoT devices need detailed descriptions of their behaviour to achieve secure default configurations, sufficient security configurability, and self-configurability. In this article, we propose S×C4IoT, a framework that addresses these issues by combining two paradigms: Security by Contract (S×C) and Fog computing. First, we summarise the necessary background such as the basic S×C definitions. Then, we describe how devices interact within S×C4IoT and how our framework manages the dynamic evolution that naturally result from IoT devices life-cycles. Furthermore, we show that S×C4IoT can allow legacy S×C-noncompliant devices to participate with an S×C network, we illustrate two different integration approaches, and we show how they fit into S×C4IoT. Last, we implement the framework as a proof-of-concept. We show the feasibility of S×C4IoT and we run different experiments to evaluate its impact in terms of communication and storage space overhead.

show abstract

“…Many information technologies, such as cloud computing [37], artificial intelligence [38], [39], IoT [40], edge computing [41], [42] and service computing [43]- [45], are widely applied. A variety of devices with different configurations and functions are used in the IoT, edge computing, and service computing environment, and memory leak is a common vulnerability in programs running on devices with limited computing and storage capacity.…”

Section: Memory Leak Detection Algorithmmentioning

confidence: 99%

Memory Leak Detection in IoT Program Based on an Abstract Memory Model SeqMM

et al. 2019

View full text Add to dashboard Cite

With the rapid growth of the Internet-of-Things (IoT), security issues for the IoT are becoming increasingly serious. Memory leaks are a common and harmful software defect for IoT programs running on resource-limited devices. Static analysis is an effective method for memory leak detection, however, because the existing methods cannot fully describe the memory state of IoT programs at run time, false positives and false negatives frequently occur. To improve the precision of memory leak detection, we propose an abstract memory model SeqMM to describe sequential storage structures. SeqMM differs from other abstract memory models in its ability to handle both points-to analysis and numerical analysis of pointers, which contributes to eliminating false positives in defect detection. In addition, based on the analysis of the sequential storage structure, we introduce the analysis of its operations in C programs, including transfer operations and predicate operations. Moreover, we present a memory leak detection algorithm by determining the state of the program points related to allocated memory blocks. The experimental results of five real projects indicate that the false positive rates of DTSC_SeqMM, Klocwork12 and DTSC_RSTVL are 29.0%, 15.0% and 40.6% respectively, and the corresponding false negative rates are 0%, 22.7% and 13.6%. INDEX TERMS Memory leak, sequential storage structure, abstract memory model, data flow analysis.

show abstract

Detecting Abnormalities in IoT Program Executions through Control-Flow-Based Features

Cited by 9 publications

References 8 publications

HADES-IoT: A Practical Host-Based Anomaly Detection System for IoT Devices (Extended Version)

HADES-IoT: A Practical Host-Based Anomaly Detection System for IoT Devices (Extended Version)

S×C4IoT: A Security-by-contract Framework for Dynamic Evolving IoT Devices

Memory Leak Detection in IoT Program Based on an Abstract Memory Model SeqMM

Contact Info

Product

Resources

About