Intrusion Detection System for Applications Using Linux Containers

Abed, Amr S.; Clancy, T. Charles; Levy, David S.

doi:10.1007/978-3-319-24858-5_8

Cited by 32 publications

(19 citation statements)

References 10 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The major advantage of this approach is that it provides a high degree of flexibility in the form of scenarios that can be adapted to individual technical as well as policy requirements. For example, the evaluation MySQL example 9 from chapter V can easily be adapted using real network data. With this approach we have created a new data set.…”

Section: Discussionmentioning

confidence: 99%

“…It was published as "Leipzig Intrusion Detection -Data Set (LID-DS)" in [8] which contains different use cases shown in table II. LID-DS framework and ready to use data sets are free to use and published on GitHub 9 . It is the first HIDS data set which contains normal and abnormal behavior, system calls and their timestamps, thread ids, process names, 9 https://github.com/LID-DS/LID-DS arguments, return values and excerpts of their data buffers from traces of normal and attack behavior of several recent, multi-process, multi-threaded scenarios.…”

Section: Discussionmentioning

confidence: 99%

“…The authors show this with the software example Firefox. Abed et al describe in [9] a real-time IDS for passive monitoring of Linux containers using the tool strace. The evaluation takes place with the example of the database application MySQL in the normal and malicious behavior under consideration of the frequencies of system calls.…”

Section: Background and Related Workmentioning

confidence: 99%

See 2 more Smart Citations

Standardized container virtualization approach for collecting host intrusion detection data

Rohling¹,

Grimmer²,

Kreubel³

et al. 2019

Annals of Computer Science and Information Systems

View full text Add to dashboard Cite

Anomaly-based Intrusion Detection Systems (IDS) can be instrumental in detecting attacks on IT systems. For evaluation and training of IDS, data sets containing samples of common security-scenarios are essential. Existing data sets are not sufficient for training modern IDS. This work introduces a new methodology for recording data that is useful in the context of intrusion detection. The approach presented is comprised of a system architecture as well as a novel framework for simulating security-related scenarios.

show abstract

Section: Discussionmentioning

confidence: 99%

Section: Discussionmentioning

confidence: 99%

Section: Background and Related Workmentioning

confidence: 99%

See 1 more Smart Citation

Standardized container virtualization approach for collecting host intrusion detection data

Rohling¹,

Grimmer²,

Kreubel³

et al. 2019

Annals of Computer Science and Information Systems

View full text Add to dashboard Cite

show abstract

“…In this paper, we propose a resilient intrusion detection system (RIDS) for misbehaving containers that extends upon the former work previously applied to standalone containers (Abed et al, 2015) to be used in cloud environments, where a colony of similar containers may collaborate to complete a certain task.…”

Section: Introductionmentioning

confidence: 99%

“…In a recent survey, Modi et al (2013) concluded that cloud environments should incorporate intrusion detection and prevention systems to address one of the major concerns of cloud users after data security. To address those concerns, Abed et al (2015Abed et al ( , 2016 presented a simple host-based intrusion detection system (HIDS) that monitors system calls between the container processes and the host kernel for malfeasance detection.…”

Section: Introductionmentioning

confidence: 99%

Resilient intrusion detection system for cloud containers

Abed

Azab

Clancy

et al. 2020

IJCNDS

Self Cite

View full text Add to dashboard Cite

The lightweight virtualisation and isolated execution offered by Linux containers qualify it to be the dominant virtualisation platform for cloud-based applications. The fact that Linux containers run on the same host while sharing the same kernel opens the door for new attacks. However, limited research has been conducted in the area of securing cloud containers. This paper presents a resilient intrusion detection and resolution system for cloud-based containers. The system relies on two main pillars, a real-time smart behaviour monitoring mechanism to detect maliciously behaving containers, and a moving-target defence approach that applies runtime container migration to quarantine such containers and to minimise attack dispersion. To avoid zero-day targeted attacks, the system also induces random live migrations between running containers to obfuscate its execution behaviour. Such obfuscation makes it harder for attackers to execute their targeted attacks. The system was tested by a big-data application using a container-based Apache Hadoop cluster to demonstrate the system's ability to automatically deploy,

show abstract