arxiv: 1611.03056 · v1 · pith:FJ4DKFGUnew · submitted 2016-11-09 · 💻 cs.CR

Intrusion Detection System for Applications using Linux Containers

classification 💻 cs.CR
keywords containers, detection, linux, system, intrusion, application, applications, behavior

Linux containers are gaining increasing traction in both individual and industrial use, and as these containers get integrated into mission-critical systems, real-time detection of malicious cyber attacks becomes a critical operational requirement. This paper introduces a real-time host-based intrusion detection system that can be used to passively detect malfeasance against applications within Linux containers running in a standalone or in a cloud multi-tenancy environment. The demonstrated intrusion detection system uses bags of system calls monitored from the host kernel for learning the behavior of an application running within a Linux container and determining anomalous container behavior. Performance of the approach using a database application was measured and results are discussed.
