TY - GEN
T1 - HADES-IoT
T2 - 2019 ACM Asia Conference on Computer and Communications Security, AsiaCCS 2019
AU - Breitenbacher, Dominik
AU - Homoliak, Ivan
AU - Aung, Yan Lin
AU - Tippenhauer, Nils Ole
AU - Elovici, Yuval
N1 - Publisher Copyright: © 2019 Association for Computing Machinery.
PY - 2019/7/2
Y1 - 2019/7/2
AB - Internet of Things (IoT) devices have become ubiquitous and spread across many application domains including the industry, transportation, healthcare, and households. However, the proliferation of the IoT devices has raised the concerns about their security - many manufacturers focus only on the core functionality of their products due to short time to market and low cost pressures, while neglecting security aspects. Consequently, vulnerabilities are left untreated, allowing attackers to exploit IoT devices for various purposes, such as compromising privacy, recruiting devices into a botnet, or misusing devices to perform cryptocurrency mining. In this paper, we present a practical Host-based Anomaly DEtection System for IoT (HADES-IoT) as a novel last line of defense. HADES-IoT has proactive detection capabilities, provides tamper-proof resistance, and can be deployed on a wide range of Linux-based IoT devices. The main advantage of HADES-IoT is its low performance overhead, which makes it suitable for the IoT domain, where state-of-the-art approaches cannot be applied due to their high-performance demands. We deployed HADES-IoT on seven IoT devices and demonstrated 100% effectiveness in the detection of current IoT malware such as VPNFilter and IoTReaper; while on average, requiring only 5.5% of available memory and causing only a low CPU load.
KW - Intrusion Detection
KW - IoT
KW - LKM
KW - System Call Interception
UR - http://www.scopus.com/inward/record.url?scp=85069961553&partnerID=8YFLogxK
U2 - 10.1145/3321705.3329847
DO - 10.1145/3321705.3329847
M3 - Conference contribution
T3 - AsiaCCS 2019 - Proceedings of the 2019 ACM Asia Conference on Computer and Communications Security
SP - 479
EP - 484
BT - AsiaCCS 2019 - Proceedings of the 2019 ACM Asia Conference on Computer and Communications Security
Y2 - 9 July 2019 through 12 July 2019
ER -