基于OC-SVM的容器化实时入侵检测系统

Lu Zhang, R. Cushing, C. D. Laat, P. Grosso
{"title":"基于OC-SVM的容器化实时入侵检测系统","authors":"Lu Zhang, R. Cushing, C. D. Laat, P. Grosso","doi":"10.1109/CSE53436.2021.00029","DOIUrl":null,"url":null,"abstract":"A Digital Data Marketplace (DDM) is a digital infrastructure to facilitate policy-governed data sharing in a secure and trustworthy manner with container-based virtualization technologies. An intrusion detection systems (IDS) is essential to enforce the policies. We propose a real-time intrusion detection system that monitors and analyzes the Linux-kernel system calls of a running container. We adopt the One-Class Support Vector Machine (OC-SVM) to detect anomalies. The training data of the OC-SVM algorithm is collected and sanitized in a secure environment. We evaluate the detection capability of our proposed system against modern attacks, e.g. Machine Learning (ML) adversarial attacks, with a customized attack dataset. In addition, we investigate the influence of various feature extraction methods, kernel functions and segmentation length with four metrics. Our experimental results show that we can achieve a low FPR, with a worst case of 0.12, and a TPR of 1 for most attacks, when we adopt the term-frequency feature extraction method and we choose segmentation length of 30000. Furthermore, the optimal kernel functions depend on the concrete application being examined.","PeriodicalId":6838,"journal":{"name":"2021 IEEE 24th International Conference on Computational Science and Engineering (CSE)","volume":"122 1","pages":"138-145"},"PeriodicalIF":0.0000,"publicationDate":"2021-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"6","resultStr":"{\"title\":\"A real-time intrusion detection system based on OC-SVM for containerized applications\",\"authors\":\"Lu Zhang, R. Cushing, C. D. Laat, P. Grosso\",\"doi\":\"10.1109/CSE53436.2021.00029\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"A Digital Data Marketplace (DDM) is a digital infrastructure to facilitate policy-governed data sharing in a secure and trustworthy manner with container-based virtualization technologies. An intrusion detection systems (IDS) is essential to enforce the policies. We propose a real-time intrusion detection system that monitors and analyzes the Linux-kernel system calls of a running container. We adopt the One-Class Support Vector Machine (OC-SVM) to detect anomalies. The training data of the OC-SVM algorithm is collected and sanitized in a secure environment. We evaluate the detection capability of our proposed system against modern attacks, e.g. Machine Learning (ML) adversarial attacks, with a customized attack dataset. In addition, we investigate the influence of various feature extraction methods, kernel functions and segmentation length with four metrics. Our experimental results show that we can achieve a low FPR, with a worst case of 0.12, and a TPR of 1 for most attacks, when we adopt the term-frequency feature extraction method and we choose segmentation length of 30000. Furthermore, the optimal kernel functions depend on the concrete application being examined.\",\"PeriodicalId\":6838,\"journal\":{\"name\":\"2021 IEEE 24th International Conference on Computational Science and Engineering (CSE)\",\"volume\":\"122 1\",\"pages\":\"138-145\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2021-10-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"6\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2021 IEEE 24th International Conference on Computational Science and Engineering (CSE)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/CSE53436.2021.00029\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2021 IEEE 24th International Conference on Computational Science and Engineering (CSE)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CSE53436.2021.00029","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 6

摘要

数字数据市场(Digital Data Marketplace, DDM)是一种数字基础设施,它使用基于容器的虚拟化技术,以安全可靠的方式促进策略管理的数据共享。入侵检测系统(IDS)对于执行策略至关重要。提出了一种实时入侵检测系统,用于监控和分析运行容器的linux内核系统调用。我们采用一类支持向量机(OC-SVM)来检测异常。OC-SVM算法的训练数据是在安全的环境中收集和消毒的。我们使用定制的攻击数据集评估了我们提出的系统对现代攻击的检测能力,例如机器学习(ML)对抗性攻击。此外,我们还研究了各种特征提取方法、核函数和分割长度对四个度量的影响。我们的实验结果表明,当我们采用频项特征提取方法,选择分割长度为30000时,我们可以获得较低的FPR,最坏情况为0.12,对大多数攻击的TPR为1。此外,最优核函数取决于所检查的具体应用程序。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
A real-time intrusion detection system based on OC-SVM for containerized applications
A Digital Data Marketplace (DDM) is a digital infrastructure to facilitate policy-governed data sharing in a secure and trustworthy manner with container-based virtualization technologies. An intrusion detection systems (IDS) is essential to enforce the policies. We propose a real-time intrusion detection system that monitors and analyzes the Linux-kernel system calls of a running container. We adopt the One-Class Support Vector Machine (OC-SVM) to detect anomalies. The training data of the OC-SVM algorithm is collected and sanitized in a secure environment. We evaluate the detection capability of our proposed system against modern attacks, e.g. Machine Learning (ML) adversarial attacks, with a customized attack dataset. In addition, we investigate the influence of various feature extraction methods, kernel functions and segmentation length with four metrics. Our experimental results show that we can achieve a low FPR, with a worst case of 0.12, and a TPR of 1 for most attacks, when we adopt the term-frequency feature extraction method and we choose segmentation length of 30000. Furthermore, the optimal kernel functions depend on the concrete application being examined.
求助全文
通过发布文献求助,成功后即可免费获取论文全文。 去求助
来源期刊
自引率
0.00%
发文量
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信