ChronosGuard: A Hierarchical Machine Learning Intrusion Detection System for Modern Clouds

Traditional Intrusion Detection Systems (IDSs) have been a cornerstone of network security for many years. Nevertheless, with the advent of containerized applications in the last few years, there is a growing need to understand how intrusion detection can adapt to these dynamic environments. This paper presents ChronosGuard, a hierarchical machine learning (ML) IDS designed for containerized environments. ChronosGuard's adaptable architecture consists of multiple components, each optimized for deployment in varying configurations ranging from monolithic to micro-service architectures. The performance impact of various factors such as network topology, workload orchestration, and deployment strategies has been assessed through extensive experiments concerning the scalability and resource utilization of ChronosGuard. Results show the effective prioritization of benign traffic of up to 85% compared to malicious traffic, the negligible impact of small network delays on performance metrics, and up to 10% decrease in response times with network-aware orchestration for complex deployment configurations. This study introduces a robust, containerized IDS that can be easily adapted to meet various operational needs, ranging from a full privacy-preserving local deployment to a scalable cloud deployment but also provides foundational insights for future research into optimizing containerized security solutions.