Efficient Approach for Anomaly Detection in IoT Using System Calls

Nouman Shamim, Muhammad Asim, Thar Baker, Ali Ismail Awad

Research output: Contribution to journal, Article, peer-review

6 Citations (Scopus)


The Internet of Things (IoT) has shown rapid growth and wide adoption in recent years. However, IoT devices are not designed to address modern security challenges. The weak security of these devices has been exploited by malicious actors and has led to several serious cyber-attacks. In this context, anomaly detection approaches are considered very effective owing to their ability to detect existing and novel attacks while requiring data only from normal execution. Because of the limited resources of IoT devices, conventional security solutions are not feasible. This emphasizes the need to develop new approaches that are specifically tailored to IoT devices. In this study, we propose a host-based anomaly detection approach that uses system call data and a Markov chain to represent normal behavior. This approach addresses the challenges that existing approaches face in this area, mainly the segmentation of the syscall trace into suitable smaller units and the use of a fixed threshold to differentiate between normal and malicious syscall sequences. Our proposed approach provides a mechanism for segmenting syscall traces into the program’s execution paths and dynamically determines the threshold for anomaly detection. The proposed approach was evaluated against various attacks using two well-known public datasets provided by the University of New South Mexico (UNM) and one custom dataset (PiData) developed in the laboratory. We also compared the performance and characteristics of our proposed approach with those of recently published related work. The proposed approach has a very low false positive rate (0.86%), a high (Formula presented.) (100%), and a high (Formula presented.) score (100%), that is, a combined performance measure of (Formula presented.) and (Formula presented.).

Original language: English
Article number: 652
Issue number: 2
Publication status: Published - Jan 2023


  • anomaly detection
  • dynamic threshold
  • Internet of Things
  • security
  • system calls

ASJC Scopus subject areas

  • Information Systems
  • Instrumentation
  • Electrical and Electronic Engineering

