Efficient and Robust Detection of Code-Reuse Attacks Through Probabilistic Packet Inspection in Industrial IoT Devices

Abstract

Industrial IoT devices are vulnerable to code-reuse attacks in which benign codes of these devices are reused for malicious activities. In the sense that adversary can compromise industrial IoT devices by means of code-reuse attacks and impair entire industrial IoT ecosystems through the compromised industrial IoT devices, it is very imperative to detect code-reuse attacks in industrial IoT devices. Although different types of code-reuse attack detection schemes have been devised in the literature, they are mainly system level or inefficient/vulnerable network level defense techniques. For the efficient and robust network level defense, we propose a scheme that detects code-reuse attacks efficiently and resiliently by incorporating the sequential probability ratio test (SPRT) with the probabilistic inspection on the packets incoming into industrial IoT devices. Through experimental and analytical study, we demonstrate that our proposed detection scheme resiliently and efficiently defends against code-reuse attacks in industrial IoT devices. In particular, our simulation results show that the SPRT with probabilistic packet inspection achieves at least 93.2% and 99.0% average detection rate for small and large set of code-reuse packets, respectively, while demanding below five samples for detection on an average. They also exhibit that it achieves at most 0.4% average false positives with below four samples on an average.