Enabling Deep Visibility into VxWorks-Based Embedded Controllers in Cyber-Physical Systems for Anomaly Detection

• URL: http://arxiv.org/abs/2504.17875v2
• Date: Mon, 25 Aug 2025 05:15:30 GMT
• Title: Enabling Deep Visibility into VxWorks-Based Embedded Controllers in Cyber-Physical Systems for Anomaly Detection
• Authors: Prashanth Krishnamurthy, Ramesh Karri, Farshad Khorrami,
• Abstract summary: DIVER (Defensive Implant for Visibility into Embedded Run-times) is a framework for real-time visibility into embedded control devices in cyber-physical systems.<n>Dimer enables run-time detection of anomalies and targets devices running VxWorks real-time operating system (RTOS)<n>Dimer has two components: "measurer" implant embedded into VxWorks kernel to collect run-time measurements and provide interactive/streaming interfaces over TCP/IP.
• Score: 20.062428504673225
• License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
• Abstract: We propose the DIVER (Defensive Implant for Visibility into Embedded Run-times) framework for real-time deep visibility into embedded control devices in cyber-physical systems (CPSs). DIVER enables run-time detection of anomalies and targets devices running VxWorks real-time operating system (RTOS), precluding traditional methods of implementing dynamic monitors using OS (e.g., Linux, Windows) functions. DIVER has two components: "measurer" implant embedded into VxWorks kernel to collect run-time measurements and provide interactive/streaming interfaces over TCP/IP; remote "listener" that acquires and analyzes measurements and provides interactive user interface. DIVER focuses on small embedded devices with stringent resource constraints (e.g., insufficient storage to locally store measurements). To show efficacy and scalability of DIVER, we demonstrate on two embedded devices with different processor architectures and VxWorks versions: Motorola ACE Remote Terminal Unit used in CPS including power systems and Raspberry Pi representative of Internet-of-Things (IoT) applications.

Related papers

• LiteVLA-Edge: Quantized On-Device Multimodal Control for Embedded Robotics [0.6119773373677944]
  We present LiteVLA-Edge, a deployment-oriented VLA pipeline for fully on-device inference on Jetson Orin-class hardware.<n>Our approach combines supervised image-to-action fine-tuning in FP32 with post-training 4-bit GGUF quantization and GPU-accelerated inference.<n>Under our configuration, LiteVLA-Edge achieves a mean end-to-end runtime of 150.5,ms (approximately 6.6,Hz) while operating entirely offline.
  arXiv  Detail & Related papers  (2026-03-03T03:20:52Z)
• OS-Symphony: A Holistic Framework for Robust and Generalist Computer-Using Agent [58.07447442040785]
  We introduce OS-Symphony, a holistic framework that comprises an Orchestrator coordinating two key innovations for robust automation.<n>Results demonstrate that OS-Symphony delivers substantial performance gains across varying model scales.
  arXiv  Detail & Related papers  (2026-01-12T17:55:51Z)
• Video Object Recognition in Mobile Edge Networks: Local Tracking or Edge Detection? [57.000348519630286]
  Recent advances in mobile edge computing have made it possible to offload-intensive object detection to edge servers equipped with high-accuracy neural networks.<n>This hybrid approach offers a promising solution but introduces a new challenge: deciding when to perform edge detection versus local tracking.<n>We propose the LTED-Ada in single-device setting, a deep reinforcement learning-based algorithm that adaptively selects between local tracking and edge detection.
  arXiv  Detail & Related papers  (2025-11-25T04:54:51Z)
• Design, Implementation and Evaluation of a Real-Time Remote Photoplethysmography (rPPG) Acquisition System for Non-Invasive Vital Sign Monitoring [10.154892578360151]
  This paper presents a real-time remote photoplethysmography (rthy) system optimized for low-power devices.<n>It is designed to extract physiological signals, such as heart rate (HR), respiratory rate (RR), and oxygen saturation from facial video streams.
  arXiv  Detail & Related papers  (2025-08-26T08:12:57Z)
• LLM-Driven Auto Configuration for Transient IoT Device Collaboration [1.5479848902142663]
  CollabIoT employs a Large language Model (LLM)-driven approach to convert users' high-level intents to fine-grained access control policies.<n>We implement a prototype of CollabIoT's policy generation and auto configuration pipelines.<n>We show that our LLM-based policy generation pipeline is able to generate functional and correct policies with 100% accuracy.
  arXiv  Detail & Related papers  (2025-07-03T17:12:52Z)
• UFO2: The Desktop AgentOS [60.317812905300336]
  UFO2 is a multiagent AgentOS for Windows desktops that elevates into practical, system-level automation. We evaluate UFO2 across over 20 real-world Windows applications, demonstrating substantial improvements in robustness and execution accuracy over prior CUAs. Our results show that deep OS integration unlocks a scalable path toward reliable, user-aligned desktop automation.
  arXiv  Detail & Related papers  (2025-04-20T13:04:43Z)
• ENOLA: Efficient Control-Flow Attestation for Embedded Systems [4.974696231180418]
  We present ENOLA, an efficient control-flow attestation solution for low-end embedded systems.<n> ENOLA introduces a novel authenticator that achieves linear space complexity.<n>We have developed the ENOLA compiler through LLVM passes and attestation engine on the ARMv8.1-M architecture.
  arXiv  Detail & Related papers  (2025-01-20T00:41:58Z)
• Code-as-Monitor: Constraint-aware Visual Programming for Reactive and Proactive Robotic Failure Detection [56.66677293607114]
  We propose Code-as-Monitor (CaM) for both open-set reactive and proactive failure detection.<n>To enhance the accuracy and efficiency of monitoring, we introduce constraint elements that abstract constraint-related entities.<n>Experiments show that CaM achieves a 28.7% higher success rate and reduces execution time by 31.8% under severe disturbances.
  arXiv  Detail & Related papers  (2024-12-05T18:58:27Z)
• Low Latency Visual Inertial Odometry with On-Sensor Accelerated Optical Flow for Resource-Constrained UAVs [13.037162115493393]
  On-sensor hardware acceleration is a promising approach to enable low latency Visual Inertial Odometry (VIO) This paper assesses the speed-up in a VIO sensor system exploiting a compact OF sensor consisting of a global shutter camera and an Application Specific Integrated Circuit (ASIC) By replacing the feature tracking logic of the VINS-Mono pipeline with data from this OF camera, we demonstrate a 49.4% reduction in latency and a 53.7% reduction of compute load of the VIO pipeline over the original VINS-Mono implementation.
  arXiv  Detail & Related papers  (2024-06-19T08:51:19Z)
• Real-time Threat Detection Strategies for Resource-constrained Devices [1.4815508281465273]
  We present an end-to-end process designed to effectively address DNS-tunneling attacks in a router. We demonstrate that utilizing stateless features for training the ML model, along with features chosen to be independent of the network configuration, leads to highly accurate results. The deployment of this carefully crafted model, optimized for embedded devices across diverse environments, resulted in high DNS-tunneling attack detection with minimal latency.
  arXiv  Detail & Related papers  (2024-03-22T10:02:54Z)
• Effective Intrusion Detection in Heterogeneous Internet-of-Things Networks via Ensemble Knowledge Distillation-based Federated Learning [52.6706505729803]
  We introduce Federated Learning (FL) to collaboratively train a decentralized shared model of Intrusion Detection Systems (IDS) FLEKD enables a more flexible aggregation method than conventional model fusion techniques. Experiment results show that the proposed approach outperforms local training and traditional FL in terms of both speed and performance.
  arXiv  Detail & Related papers  (2024-01-22T14:16:37Z)
• Detecting Anomalous Microflows in IoT Volumetric Attacks via Dynamic Monitoring of MUD Activity [1.294952045574009]
  Anomaly-based detection methods are promising in finding new attacks. There are certain practical challenges like false-positive alarms, hard to explain, and difficult to scale cost-effectively. In this paper, we use SDN to enforce and monitor the expected behaviors of each IoT device.
  arXiv  Detail & Related papers  (2023-04-11T05:17:51Z)
• Virtualization of Tiny Embedded Systems with a robust real-time capable and extensible Stack Virtual Machine REXAVM supporting Material-integrated Intelligent Systems and Tiny Machine Learning [0.0]
  This paper shows and evaluates the suitability of the proposed VM architecture for operationally equivalent software and hardware (FPGA) implementations. In a holistic architecture approach, the VM specifically addresses digital signal processing and tiny machine learning.
  arXiv  Detail & Related papers  (2023-02-17T17:13:35Z)
• MAPLE-Edge: A Runtime Latency Predictor for Edge Devices [80.01591186546793]
  We propose MAPLE-Edge, an edge device-oriented extension of MAPLE, the state-of-the-art latency predictor for general purpose hardware. Compared to MAPLE, MAPLE-Edge can describe the runtime and target device platform using a much smaller set of CPU performance counters. We also demonstrate that unlike MAPLE which performs best when trained on a pool of devices sharing a common runtime, MAPLE-Edge can effectively generalize across runtimes.
  arXiv  Detail & Related papers  (2022-04-27T14:00:48Z)
• Argus++: Robust Real-time Activity Detection for Unconstrained Video Streams with Overlapping Cube Proposals [85.76513755331318]
  Argus++ is a robust real-time activity detection system for analyzing unconstrained video streams. The overall system is optimized for real-time processing on standalone consumer-level hardware.
  arXiv  Detail & Related papers  (2022-01-14T03:35:22Z)
• An Efficient One-Class SVM for Anomaly Detection in the Internet of Things [25.78558553080511]
  Insecure Internet of things (IoT) devices pose significant threats to critical infrastructure and the Internet at large. detecting anomalous behavior from these devices remains of critical importance. One-Class Support Vector Machines (OCSVM) are one of the state-of-the-art approaches for novelty detection.
  arXiv  Detail & Related papers  (2021-04-22T15:59:56Z)
• Towards AIOps in Edge Computing Environments [60.27785717687999]
  This paper describes the system design of an AIOps platform which is applicable in heterogeneous, distributed environments. It is feasible to collect metrics with a high frequency and simultaneously run specific anomaly detection algorithms directly on edge devices.
  arXiv  Detail & Related papers  (2021-02-12T09:33:00Z)
• Risk-Averse MPC via Visual-Inertial Input and Recurrent Networks for Online Collision Avoidance [95.86944752753564]
  We propose an online path planning architecture that extends the model predictive control (MPC) formulation to consider future location uncertainties. Our algorithm combines an object detection pipeline with a recurrent neural network (RNN) which infers the covariance of state estimates. The robustness of our methods is validated on complex quadruped robot dynamics and can be generally applied to most robotic platforms.
  arXiv  Detail & Related papers  (2020-07-28T07:34:30Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.