English

Intrusion Detection System for Applications using Linux Containers

Cryptography and Security 2017-01-05 v1

Abstract

Linux containers are gaining increasing traction in both individual and industrial use, and as these containers get integrated into mission-critical systems, real-time detection of malicious cyber attacks becomes a critical operational requirement. This paper introduces a real-time host-based intrusion detection system that can be used to passively detect malfeasance against applications within Linux containers running in a standalone or in a cloud multi-tenancy environment. The demonstrated intrusion detection system uses bags of system calls monitored from the host kernel for learning the behavior of an application running within a Linux container and determining anomalous container behavior. Performance of the approach using a database application was measured and results are discussed.

Keywords

Cite

@article{arxiv.1611.03056,
  title  = {Intrusion Detection System for Applications using Linux Containers},
  author = {Amr S. Abed and Charles Clancy and David S. Levy},
  journal= {arXiv preprint arXiv:1611.03056},
  year   = {2017}
}

Comments

The final publication is available at http://link.springer.com/chapter/10.1007%2F978-3-319-24858-5_8. arXiv admin note: substantial text overlap with arXiv:1611.03053

R2 v1 2026-06-22T16:47:29.257Z