Efficient Approach for Anomaly Detection in IoT Using System Calls.

Sensors (Basel)

College of Information Technology, United Arab Emirates University, Al Ain P.O. Box 17551, United Arab Emirates.

Published: January 2023

The Internet of Things (IoT) has shown rapid growth and wide adoption in recent years. However, IoT devices are not designed to address modern security challenges. The weak security of these devices has been exploited by malicious actors and has led to several serious cyber-attacks. In this context, anomaly detection approaches are considered very effective owing to their ability to detect existing and novel attacks while requiring data only from normal execution. Because of the limited resources of IoT devices, conventional security solutions are not feasible. This emphasizes the need to develop new approaches that are specifically tailored to IoT devices. In this study, we propose a host-based anomaly detection approach that uses system call data and a Markov chain to represent normal behavior. This approach addresses the challenges that existing approaches face in this area, mainly the segmentation of the syscall trace into suitable smaller units and the use of a fixed threshold to differentiate between normal and malicious syscall sequences. Our proposed approach provides a mechanism for segmenting syscall traces into the program's execution paths and dynamically determines the threshold for anomaly detection. The proposed approach was evaluated against various attacks using two well-known public datasets provided by the University of New South Mexico (UNM) and one custom dataset (PiData) developed in the laboratory. We also compared the performance and characteristics of our proposed approach with those of recently published related work. The proposed approach has a very low false positive rate (0.86%), high accuracy (100%), and a high F1 score (100%) that is, a combined performance measure of precision and recall.

Download full-text PDF

Source
http://www.ncbi.nlm.nih.gov/pmc/articles/PMC9861298PMC
http://dx.doi.org/10.3390/s23020652DOI Listing

Publication Analysis

Top Keywords

anomaly detection
16
proposed approach
16
iot devices
12
approach
6
iot
5
efficient approach
4
anomaly
4
approach anomaly
4
detection
4
detection iot
4

Similar Publications

Want AI Summaries of new PubMed Abstracts delivered to your In-box?

Enter search terms and have AI summaries delivered each week - change queries or unsubscribe any time!