E-Spion: A System-Level Intrusion Detection System for IoT Devices.

2019 
As the Internet of Things (IoT) grows at a rapid pace, there is a need for an effective and efficient form of security tailored for IoT devices. In this paper, we introduce E-Spion, an anomaly-based, system-level Intrusion Detection System (IDS) for IoT devices. E-Spion profiles IoT devices according to their 'behavior' using system-level information, like running process parameters and their system calls, in an autonomous, efficient, and scalable manner. These profiles are then used to detect anomalous behaviors indicative of intrusions. E-Spion provides three layers of detection with increasing detection efficiency but, at the same time, higher overhead costs on the devices. We have extensively evaluated E-Spion using a comprehensive dataset of 3973 IoT malware samples in our testbed. We observe a detection efficiency ranging from 78% to 100% depending on the layers of detection employed. We provide an analysis and comparison of the different layers of E-Spion in terms of detection accuracy and overhead costs. We also analyze the behavior of the malware samples in terms of our device logs at each layer.
References: 27. Citations: 17.