New Techniques for Protection of IoT Devices from Malicious Behavior Using Working Set Based System Call Whitelisting and Argument Clustering

Lakshmi Eswari Ponnapu Reddy, Sarat Chandra Babu Nelaturu

Abstract

The rapid evolution of Industry 4.0 and the spread of the Internet of Things (IoT) are supporting the growth of cyber-physical systems for societal applications. Designing secure IoT devices is challenging because of their constrained computational and storage resources. Attackers exploit vulnerabilities in deployed IoT devices to carry out malicious activities. Various anomaly detection approaches have been proposed in the literature for detecting malicious behavior at runtime; however, they are not suitable for resource-constrained IoT devices. In this paper, we propose new techniques for detecting runtime intrusions and protecting IoT devices using working set based system call whitelisting and argument clustering. The proposed system call whitelisting technique maintains separate system call whitelists for the initialization and service phases of a field-deployed IoT device, resulting in a reduced attack surface. We evaluated the proposed technique on the Tenda AC15, version 15.03.05.19, for the Telnet service. The experimental results show that the proposed working set based system call whitelisting reduced the number of allowed system calls by 44% during the initialization phase and by 40% during the service phase. In addition, we used a system call argument clustering technique to augment the detection of malicious behavior that is injected at runtime by modifying the arguments of whitelisted system calls.
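The abstract names two mechanisms: a per-phase working set of system calls (one whitelist for initialization, one for the service phase) and clustering of the arguments of whitelisted calls so that a call with unusual arguments is still flagged. The following is an added illustration of both ideas in Python; it is not code from the paper, and the trace, the two phase labels, and the cluster key (directory prefix for paths, raw value otherwise) are constructed assumptions, since the page does not describe how the authors delimit phases or cluster arguments.

```python
from collections import defaultdict
from typing import NamedTuple


class Event(NamedTuple):
    phase: str       # "init" or "service" (assumed phase labels)
    syscall: str
    args: tuple


# Constructed benign training trace (not data from the paper): what a small
# telnet-like daemon does while initializing and while serving a session.
TRAINING_TRACE = [
    Event("init", "open", ("/etc/passwd",)),
    Event("init", "open", ("/etc/telnetd.conf",)),
    Event("init", "socket", (2, 1)),
    Event("init", "bind", (23,)),
    Event("init", "listen", (5,)),
    Event("service", "accept", (3,)),
    Event("service", "read", (4,)),
    Event("service", "write", (4,)),
    Event("service", "open", ("/dev/pts/0",)),
    Event("service", "open", ("/dev/pts/1",)),
]


def build_whitelists(trace):
    """Working set per phase: the set of syscalls observed in that phase."""
    whitelists = defaultdict(set)
    for ev in trace:
        whitelists[ev.phase].add(ev.syscall)
    return dict(whitelists)


def phase_reduction(whitelists):
    """Fraction of the combined (single-whitelist) syscall set that each
    phase-specific whitelist leaves out, i.e. the attack-surface reduction."""
    combined = set().union(*whitelists.values())
    return {phase: 1 - len(calls) / len(combined)
            for phase, calls in whitelists.items()}


def arg_feature(syscall, args):
    """Coarse key used for clustering (assumption: paths cluster by their
    directory, everything else by exact value)."""
    if syscall == "open":
        directory = args[0].rsplit("/", 1)[0]
        return directory or "/"
    return args


def build_arg_clusters(trace):
    """phase -> syscall -> set of argument-cluster keys seen in training."""
    clusters = defaultdict(lambda: defaultdict(set))
    for ev in trace:
        clusters[ev.phase][ev.syscall].add(arg_feature(ev.syscall, ev.args))
    return clusters


class Monitor:
    """Runtime check: first the phase whitelist, then the argument clusters."""

    def __init__(self, trace):
        self.whitelists = build_whitelists(trace)
        self.clusters = build_arg_clusters(trace)

    def check(self, ev):
        allowed = self.whitelists.get(ev.phase, set())
        if ev.syscall not in allowed:
            return "blocked: syscall not in %s whitelist" % ev.phase
        known = self.clusters[ev.phase][ev.syscall]
        if arg_feature(ev.syscall, ev.args) not in known:
            return "flagged: argument outside known clusters"
        return "ok"


if __name__ == "__main__":
    mon = Monitor(TRAINING_TRACE)
    print(phase_reduction(mon.whitelists))
    # bind() is legitimate during init but not once the service is running
    print(mon.check(Event("service", "bind", (2323,))))
    # open() is whitelisted in the service phase, but /etc is not a known cluster
    print(mon.check(Event("service", "open", ("/etc/shadow",))))
    print(mon.check(Event("service", "open", ("/dev/pts/7",))))
```

The second check is the point of argument clustering: `open` is on the service-phase whitelist, so a whitelist alone would accept the call, while the cluster of directories seen during training rejects a path that never appeared there.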
