Standardized container virtualization approach for collecting host intrusion detection data

Abstract

Anomaly-based Intrusion Detection Systems (IDS) can be instrumental in detecting attacks on IT systems. For evaluation and training of IDS, data sets containing samples of common security-scenarios are essential. Existing data sets are not sufficient for training modern IDS. This work introduces a new methodology for recording data that is useful in the context of intrusion detection. The approach presented is comprised of a system architecture as well as a novel framework for simulating security-related scenarios.