One of the critical security threats to computer systems is the execution of malware, or malicious software. Several intrusion detection systems have been proposed that perform detection analysis in software, using the audit files generated by the operating system. Software-based solutions to this problem are relatively slow, so these techniques can be used forensically, but not in real time to stop an exploit before it has an opportunity to do damage. We present a technique to implement intrusion detection for secure embedded systems by detecting behavioral differences between the correct system and the malware. The system is implemented using FPGA logic so that the detection process can be regularly updated to adapt to new malware and changing system behavior.