Ab-HIDS: An anomaly-based host intrusion detection system using frequency of N-gram system call features and ensemble learning for containerized environment
IF 1.5, Zone 4 (Computer Science), Q3 COMPUTER SCIENCE, SOFTWARE ENGINEERING
Authors: Nidhi Joraviya, Bhavesh N. Gohil, Udai Pratap Rao
Journal: Concurrency and Computation-Practice & Experience
Volume: 36 23
Publication date: 2024-08-06
Publication type: Journal Article
DOI: 10.1002/cpe.8249
URL: https://onlinelibrary.wiley.com/doi/10.1002/cpe.8249
Citations: 0
Abstract
Cloud's operating-system-level virtualization has introduced a new phase of lightweight virtualization through containers. The architecture of cloud-native and microservices-based application development strongly advocates for the use of containers due to their swift and convenient deployment capabilities. However, the security of applications within containers is important, as malicious or vulnerable content could jeopardize the container and the host system. This vulnerability also extends to neighboring containers and may compromise data integrity and confidentiality. The article focuses on developing an intrusion detection system tailored to containerized cloud environments by identifying system call analysis techniques and also proposes an anomaly-based host intrusion detection system (Ab-HIDS). This system employs the frequency of N-gram system calls as distinctive features. To enhance performance, two ensemble learning models, namely voting-based ensemble learning and XGBoost ensemble learning, are employed for training and testing the data. The proposed system is evaluated using the Leipzig Intrusion Detection Data Set (LID-DS), demonstrating substantial performance compared to existing state-of-the-art methods. Ab-HIDS is validated for class imbalance using the imbalance ratio and synthetic minority over-sampling technique methods. Our system achieved significant improvements in detection accuracy, with a 4% increase for the voting-based ensemble model and a 6% increase for the XGBoost ensemble model. Additionally, we observed reductions in the false positive rate by 0.9% and 0.8% for these models, respectively, compared to existing state-of-the-art methods. These results illustrate the potential of our proposed approach in improving security measures within containerized environments.
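An added example (not the authors' code): one way to turn system call traces into N-gram frequency features of the kind the abstract describes, producing the vectors a voting or XGBoost classifier would be trained on. The choice n = 3, the extra out-of-vocabulary column, and the sample traces are assumptions constructed for illustration.

```python
from collections import Counter

N = 3  # assumed N-gram length; the abstract does not state the value used

def ngrams(trace, n=N):
    """Sliding-window N-grams over one trace (empty if the trace is shorter than n)."""
    return [tuple(trace[i:i + n]) for i in range(len(trace) - n + 1)]

def build_vocab(traces, n=N):
    """Fix the feature columns from training traces only, in a stable sorted order."""
    seen = set()
    for trace in traces:
        seen.update(ngrams(trace, n))
    return {gram: idx for idx, gram in enumerate(sorted(seen))}

def featurize(trace, vocab, n=N):
    """Relative-frequency vector; the last column is the share of N-grams
    never seen in training (assumed design, so unseen behaviour is not dropped)."""
    grams = ngrams(trace, n)
    counts = [0] * (len(vocab) + 1)
    for gram, c in Counter(grams).items():
        counts[vocab.get(gram, len(vocab))] += c
    total = len(grams)
    return [c / total if total else 0.0 for c in counts]

def feature_matrix(traces, vocab, n=N):
    """One row per trace, ready to hand to a classifier."""
    return [featurize(t, vocab, n) for t in traces]

# Constructed sample traces (not taken from LID-DS).
NORMAL = [
    ["open", "read", "write", "close", "open", "read", "write", "close"],
    ["open", "read", "read", "write", "close"],
]
UNUSUAL = ["open", "read", "execve", "socket", "connect", "write", "close"]
MIXED = ["open", "read", "write", "close", "execve"]

VOCAB = build_vocab(NORMAL)

if __name__ == "__main__":
    for name, trace in [("normal", NORMAL[0]), ("unusual", UNUSUAL), ("mixed", MIXED)]:
        vec = featurize(trace, VOCAB)
        print(f"{name:8s} unseen share={vec[-1]:.2f} vector={[round(v, 2) for v in vec]}")
```

Building the vocabulary from training traces only keeps the column layout fixed at test time, so a trace from a container under attack is scored against the same features the model learned.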
About the journal:
Concurrency and Computation: Practice and Experience (CCPE) publishes high-quality, original research papers, and authoritative research review papers, in the overlapping fields of:
Parallel and distributed computing;
High-performance computing;
Computational and data science;
Artificial intelligence and machine learning;
Big data applications, algorithms, and systems;
Network science;
Ontologies and semantics;
Security and privacy;
Cloud/edge/fog computing;
Green computing; and
Quantum computing.