Intrusion Detection in Container Orchestration Clusters : A framework proposal based on real-time system call analysis with machine learning for anomaly detection

Rocha, Savio Levy; Nze, Georges Daniel Amvame; Mendonça, Fábio Lúcio Lópes de

doi:10.23919/cisti54924.2022.9820103

Cited by 2 publications

(22 citation statements)

References 0 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The results of a comparative analysis of the proposed MLDN model with the HBM model, the APID model, and models proposed by [5,6], [7], [8], and [9] are shown in Fig. 20 to 22.…”

Section: Resultsmentioning

confidence: 99%

“…In addition, there is a considerable need for IDS that may be implemented in clustered systems and used in servers [2,3]. There are many commercially available intrusion detection systems, some of which include the Bro intrusion detection system, which was developed by VISTAS Labs and the School of Engineering, the Snort intrusion detection system, which is distributed under the GNU licence [4], Network Protocol Analyzer [6], Multi Router Traffic Grapher (MRTG) [7], and a few other options. On the other hand, the computing requirements of the majority of these systems, as well as their accuracy, might be enhanced.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

A Fast and Effective Method for Intrusion Detection using Multi-Layered Deep Learning Networks

Srikrishnan¹,

Raaza²,

B³

et al. 2022

IJACSA

View full text Add to dashboard Cite

The practise of recognising unauthorised abnormal actions on computer systems is referred to as intrusion detection. The primary goal of an Intrusion Detection System (IDS) is to identify user behaviours as normal or abnormal based on the data they communicate. Firewalls, data encryption, and authentication techniques were all employed in traditional security systems. Current intrusion scenarios, on the other hand, are very complex and capable of readily breaching the security measures provided by previous protection systems. However, current intrusion scenarios are highly sophisticated and are capable of easily breaking the security mechanisms imposed by the traditional protection systems. Detecting intrusions is a challenging aspect especially in networked environments, as the system designed for such a scenario should be able to handle the huge volume and velocity associated with the domain. This research presents three models, APID (Adaptive Parallelized Intrusion Detection), HBM (Heterogeneous Bagging Model) and MLDN (Multi Layered Deep learning Network) that can be used for fast and efficient detection of intrusions in networked environments. The deep learning model has been constructed using the Keras library. The training data is preprocessed and segregated to fit the processing architecture of neural networks. The network is constructed with multiple layers and the other required parameters for the network are set in accordance with the input data. The trained model is validated using the validation data that has been specifically segregated for this purpose.

show abstract

“…The results of a comparative analysis of the proposed MLDN model with the HBM model, the APID model, and models proposed by [5,6], [7], [8], and [9] are shown in Fig. 20 to 22.…”

Section: Resultsmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

A Fast and Effective Method for Intrusion Detection using Multi-Layered Deep Learning Networks

Srikrishnan¹,

Raaza²,

B³

et al. 2022

IJACSA

View full text Add to dashboard Cite

show abstract

“…Regarding scenarios where container orchestration platforms are used as production environments, there are few studies on the implementation of HIDS based on system call anomalies developed so far [33]. In the work of [32], a distributed learning framework was developed aiming at building application-based detection models through neural networks.…”

Section: Related Workmentioning

confidence: 99%

“…In the work of [32], a distributed learning framework was developed aiming at building application-based detection models through neural networks. However, it is known that the system implemented on each host of the container platform generates computational overhead that competes with the actual workload of applications, and this overhead was not considered [33].…”

Section: Related Workmentioning

confidence: 99%

“…In [34], a HIDS focused on a Kubernetes cluster was proposed with anomaly detection through supervised learning neural networks and four categories of system calls. Although the system is capable of monitoring the various hosts of the cluster and performing detection in an external component, filtering rules based on a limited set of system calls may restrict the scope of attack detection [33]. Another aspect concerns the limitation regarding the lack of analysis of reported anomalies and the need for developing own subcomponents such as a web portal and a Restful API service for IDS implementation [33].…”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

DCIDS—Distributed Container IDS

et al. 2023

Self Cite

View full text Add to dashboard Cite

Intrusion Detection Systems (IDS) still prevail as an important line of defense in modern computing environments. Cloud environment characteristics such as resource sharing, extensive connectivity, and agility in deploying new applications pose security risks that are increasingly exploited. New technologies like container platforms require IDS to evolve to effectively detect intrusive activities in these environments, and advancements in this regard are still necessary. In this context, this work proposes a framework for implementing an IDS focused on container platforms using machine learning techniques for anomaly detection in system calls. We contribute with the ability to build a dataset of system calls and share it with the community; the generation of anomaly detection alerts in open-source applications to support the SOC through the analysis of these system calls; the possibility of implementing different machine learning algorithms and approaches to detect anomalies in system calls (such as frequency, sequence, and arguments among other type of data) aiming greater detection efficiency; and the ability to integrate the framework with other tools, improving collaborative security. A five-layer architecture was built using free tools and tested in a corporate environment emulated in the GNS3 software version 2.2.29. In an experiment conducted with a public system call dataset, it was possible to validate the operation and integration of the framework layers, achieving detection results superior to the work that originated the dataset.

show abstract

Intrusion Detection in Container Orchestration Clusters : A framework proposal based on real-time system call analysis with machine learning for anomaly detection

Cited by 2 publications

References 0 publications

A Fast and Effective Method for Intrusion Detection using Multi-Layered Deep Learning Networks

A Fast and Effective Method for Intrusion Detection using Multi-Layered Deep Learning Networks

DCIDS—Distributed Container IDS

Contact Info

Product

Resources

About