%0 Conference Proceedings
%T Lightweight Intrusion Detection for Resource-Constrained Embedded Control Systems
%+ Dartmouth College [Hanover]
%+ Bloomberg L.P.
%+ University of Calgary
%A Reeves, Jason
%A Ramaswamy, Ashwin
%A Locasto, Michael
%A Bratus, Sergey
%A Smith, Sean
%Z Part 2: CONTROL SYSTEMS SECURITY
%< avec comité de lecture
%( IFIP Advances in Information and Communication Technology
%B 5th International Conference Critical Infrastructure Protection (ICCIP)
%C Hanover, NH, United States
%Y Jonathan Butts
%Y Sujeet Shenoi
%I Springer
%3 Critical Infrastructure Protection V
%V AICT-367
%P 31-46
%8 2011-03-23
%D 2011
%R 10.1007/978-3-642-24864-1_3
%K Embedded control systems
%K intrusion detection
%Z Computer Science [cs]Conference papers
%X Securing embedded control systems presents a unique challenge. In addition to the resource restrictions inherent to embedded devices, embedded control systems must accommodate strict, non-negotiable timing requirements, and their massive scale greatly increases other costs such as power consumption. These constraints render conventional host-based intrusion detection – using a hypervisor to create a safe environment under which a monitoring entity can operate – costly and impractical. This paper describes the design and implementation of Autoscopy, an experimental host-based intrusion detection system that operates from within the kernel and leverages its built-in tracing framework to identify control flow anomalies that are often caused by rootkits hijacking kernel hooks. Experimental tests demonstrate that Autoscopy can detect representative control flow hijacking techniques while maintaining a low performance overhead.
%G English
%Z TC 11
%Z WG 11.10
%2 https://inria.hal.science/hal-01571779/document
%2 https://inria.hal.science/hal-01571779/file/978-3-642-24864-1_3_Chapter.pdf
%L hal-01571779
%U https://inria.hal.science/hal-01571779
%~ IFIP
%~ IFIP-AICT
%~ IFIP-TC
%~ IFIP-TC11
%~ IFIP-ICCIP
%~ IFIP-WG11-10
%~ IFIP-AICT-367