Intrusion Detection System for Applications using Linux Containers
Abstract
Linux containers are gaining increasing traction in both individual and industrial use, and as these containers get integrated into mission-critical systems, real-time detection of malicious cyber attacks becomes a critical operational requirement. This paper introduces a real-time host-based intrusion detection system that can be used to passively detect malfeasance against applications within Linux containers running in a standalone or in a cloud multi-tenancy environment. The demonstrated intrusion detection system uses bags of system calls monitored from the host kernel for learning the behavior of an application running within a Linux container and determining anomalous container behavior. Performance of the approach using a database application was measured and results are discussed.
Cite
@article{arxiv.1611.03056,
title = {Intrusion Detection System for Applications using Linux Containers},
author = {Amr S. Abed and Charles Clancy and David S. Levy},
journal= {arXiv preprint arXiv:1611.03056},
year = {2017}
}
Comments
The final publication is available at http://link.springer.com/chapter/10.1007%2F978-3-319-24858-5_8. arXiv admin note: substantial text overlap with arXiv:1611.03053