Container intrusion detection method based on host system call frequency
Container technology has become a widely used virtualization technology in cloud platform due to its lightweight virtualization characteristics. However, it shares the kernel with the host, so it has poor security and isolation, and is vulnerable to flood, denial of service, and escape attacks. In ord...
Main Authors: | Yimu JI, Weidong YANG, Kui LI, Shangdong LIU, Qiang LIU, Sisi SHAO, Shuai YOU, Naijiao HUANG |
---|---|
Format: | Article |
Language: | English |
Published: | POSTS&TELECOM PRESS Co., LTD, 2021-08-01 |
Series: | 网络与信息安全学报 |
Subjects: | host system call; intrusion detection; Docker container; ADFA-LD data set |
Online Access: | http://www.cjnis.com.cn/thesisDetails#10.11959/j.issn.2096-109x.2021073 |
_version_ | 1841529925053448192 |
---|---|
author | Yimu JI Weidong YANG Kui LI Shangdong LIU Qiang LIU Sisi SHAO Shuai YOU Naijiao HUANG |
collection | DOAJ |
description | Container technology has become a widely used virtualization technology in cloud platform due to its lightweight virtualization characteristics. However, it shares the kernel with the host, so it has poor security and isolation, and is vulnerable to flood, denial of service, and escape attacks. In order to effectively detect whether the container is attacked or not, an intrusion detection method based on host system call frequency was proposed. This method took advantage of the different frequency of system call between different attack behaviors, collected the system call generated when the container was running, extracted the system call features by combining the sliding window and TF-IDF algorithm, and classified by comparing the feature similarity. The experimental results show that the detection rate of this method can reach 97%, and the false alarm rate is less than 4%. |
format | Article |
id | doaj-art-e84ba0c76c0b4eb8bf0869de0d542844 |
institution | Kabale University |
issn | 2096-109X |
language | English |
publishDate | 2021-08-01 |
publisher | POSTS&TELECOM PRESS Co., LTD |
record_format | Article |
series | 网络与信息安全学报 |
title | Container intrusion detection method based on host system call frequency |
topic | host system call; intrusion detection; Docker container; ADFA-LD data set |
url | http://www.cjnis.com.cn/thesisDetails#10.11959/j.issn.2096-109x.2021073 |