Intrusion Detection System for Applications Using Linux Containers

Cited by: 22
Authors
Abed, Amr S. [1 ]
Clancy, Charles [2 ]
Levy, David S. [3 ]
Affiliations
[1] Virginia Tech, Dept Elect & Comp Engn, Blacksburg, VA 24061 USA
[2] Virginia Tech, Hume Ctr Natl Secur & Technol, Arlington, VA USA
[3] Mitre Corp, Annapolis Jct, MD USA
Source
SECURITY AND TRUST MANAGEMENT (STM 2015) | 2015 / Vol. 9331
Keywords
Intrusion detection; Anomaly detection; System call monitoring; Container security; Security in cloud computing;
DOI
10.1007/978-3-319-24858-5_8
CLC classification code
TP [Automation technology, computer technology];
Discipline code
0812;
Abstract
Linux containers are gaining increasing traction in both individual and industrial use, and as these containers get integrated into mission-critical systems, real-time detection of malicious cyber attacks becomes a critical operational requirement. This paper introduces a real-time host-based intrusion detection system that can be used to passively detect malfeasance against applications within Linux containers running in a standalone or in a cloud multi-tenancy environment. The demonstrated intrusion detection system uses bags of system calls monitored from the host kernel for learning the behavior of an application running within a Linux container and determining anomalous container behavior. Performance of the approach using a database application was measured and results are discussed.
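The abstract describes the technique at the level of the representation (bags of system calls collected from the host kernel, a learned normal profile per container, an anomaly decision per epoch) without giving code. The block below is an added, illustrative implementation of that idea and is not the paper's own code: the epoch size, the L1 nearest-bag score, the "unseen syscall" rule and the leave-one-out calibration of the threshold are this example's assumptions, and the database-like syscall traces are constructed inline. It expects syscall names in the order they occurred, as one would get from `strace -f` on the container's init process or from an audit/perf trace filtered by the container's PID namespace.

```python
# Added, illustrative bag-of-system-calls anomaly detector. Not the paper's
# implementation: the epoch size, the L1 nearest-bag score, the unseen-syscall
# rule and the calibration below are this example's own assumptions, and the
# sample traces are constructed for the demo.
from collections import Counter
from typing import Dict, List, Sequence, Set, Tuple

Bag = Dict[str, int]


def bags_from_trace(trace: Sequence[str], epoch: int) -> List[Bag]:
    """Cut a syscall-name sequence into fixed-size epochs and count each call.

    Only counts survive: the bag deliberately discards ordering, which keeps
    comparison cheap and tolerates benign reordering inside an epoch.
    """
    return [dict(Counter(trace[i:i + epoch]))
            for i in range(0, len(trace) - epoch + 1, epoch)]


def l1_distance(a: Bag, b: Bag) -> int:
    """Sum of absolute count differences; a call absent from one bag counts fully."""
    return sum(abs(a.get(k, 0) - b.get(k, 0)) for k in set(a) | set(b))


class BagOfSyscallsDetector:
    def __init__(self, epoch: int = 10, threshold: int = 0) -> None:
        self.epoch = epoch
        self.threshold = threshold
        self.profile: List[Bag] = []   # distinct bags seen while training
        self.known: Set[str] = set()   # every syscall name seen while training

    def train(self, normal_trace: Sequence[str]) -> None:
        """Learn the container's normal behaviour from an attack-free trace."""
        for bag in bags_from_trace(normal_trace, self.epoch):
            if bag not in self.profile:
                self.profile.append(bag)
            self.known.update(bag)

    def calibrate(self) -> int:
        """Set the threshold to the largest leave-one-out nearest-neighbour
        distance inside the profile, so every training epoch is accepted."""
        if len(self.profile) >= 2:
            self.threshold = max(
                min(l1_distance(b, o) for o in self.profile if o is not b)
                for b in self.profile)
        return self.threshold

    def score(self, bag: Bag) -> int:
        """Distance to the closest normal bag; 0 means this exact mix was seen."""
        return min(l1_distance(bag, b) for b in self.profile)

    def classify(self, trace: Sequence[str]) -> List[Tuple[int, int, bool, List[str]]]:
        """Per epoch: (index, distance, anomalous?, syscalls never seen in training).

        An epoch is flagged when it is farther than the threshold from every
        normal bag, or when it contains any syscall the profile never saw."""
        out = []
        for i, bag in enumerate(bags_from_trace(trace, self.epoch)):
            dist = self.score(bag)
            unseen = sorted(set(bag) - self.known)
            out.append((i, dist, dist > self.threshold or bool(unseen), unseen))
        return out


# Constructed sample: a database-server-like request loop for training, and a
# test trace whose third epoch looks like a spawned process dialling out.
_NORMAL_EPOCHS = [
    ["recvfrom", "futex", "pread64", "read", "write", "sendto", "fstat", "pread64", "write", "recvfrom"],
    ["recvfrom", "pread64", "pread64", "read", "futex", "write", "sendto", "fstat", "pwrite64", "recvfrom"],
    ["recvfrom", "futex", "read", "read", "write", "sendto", "pread64", "pread64", "futex", "recvfrom"],
]
NORMAL_TRACE = [c for _ in range(4) for e in _NORMAL_EPOCHS for c in e]
DRIFT_EPOCH = ["recvfrom", "fstat", "pread64", "read", "write", "sendto", "fstat", "pread64", "write", "recvfrom"]
ATTACK_EPOCH = ["recvfrom", "execve", "clone", "openat", "read", "write", "socket", "connect", "sendto", "exit_group"]
TEST_TRACE = _NORMAL_EPOCHS[0] + DRIFT_EPOCH + ATTACK_EPOCH + _NORMAL_EPOCHS[1]


def demo() -> List[Tuple[int, int, bool, List[str]]]:
    det = BagOfSyscallsDetector(epoch=10)
    det.train(NORMAL_TRACE)
    det.calibrate()  # -> 4 for the constructed profile above
    return det.classify(TEST_TRACE)


if __name__ == "__main__":
    for idx, dist, anomalous, unseen in demo():
        print(f"epoch {idx}: distance={dist:2d} {'ANOMALY' if anomalous else 'ok'} unseen={unseen}")
```

The drifted second epoch (one `futex` replaced by a `fstat`) stays within the calibrated threshold and is accepted, while the third epoch is flagged both by its distance and by the six syscalls the profile never saw. The calibration rule is what makes the detector usable: a threshold of zero would raise an alert on every benign variation in the workload, which is the practical failure mode of per-epoch anomaly detection.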
Pages: 123 / 135
Page count: 13