
Container intrusion detection method based on host system call frequency

Authors :
JI Yimu, LIU Shangdong, YANG Weidong, LI Kui, LIU Qiang, SHAO Sisi, YOU Shuai, HUANG Naijiao
Source :
网络与信息安全学报, Vol 7, Iss 4, Pp 18-29 (2021)
Publication Year :
2021
Publisher :
POSTS&TELECOM PRESS Co., LTD, 2021.

Abstract

Container technology has become a widely used virtualization technology in cloud platforms because of its lightweight virtualization characteristics. However, containers share the kernel with the host, so they have poor security and isolation and are vulnerable to flood, denial-of-service, and escape attacks. To detect effectively whether a container is under attack, an intrusion detection method based on host system call frequency is proposed. The method takes advantage of the differences in system call frequency between attack behaviors: it collects the system calls generated while the container is running, extracts system call features by combining a sliding window with the TF-IDF algorithm, and performs classification by comparing feature similarity. The experimental results show that the detection rate of this method can reach 97%, and the false alarm rate is less than 4%.

Details

Language :
English, Chinese
ISSN :
2096109x and 2096109X
Volume :
7
Issue :
4
Database :
Directory of Open Access Journals
Journal :
网络与信息安全学报
Publication Type :
Academic Journal
Accession number :
edsdoj.54b8f069a16439fb7b0a2309a3a481e
Document Type :
article
Full Text :
https://doi.org/10.11959/j.issn.2096-109x.2021073