An Empirical Analysis of IDS Approaches in Container Security

Sever, Yigit; Ekinci, Goktug; Dogan, Adnan Harun; Alparslan, Bugra; Gurbuz, Abdurrahman Said; Jabrayilov, Vahab; Angin, Pelin

doi:10.1109/SRMC57347.2022.00007

1 Ocak 2022 Konferans bildirisi Açık Erişim

An Empirical Analysis of IDS Approaches in Container Security

Sever, Yigit; Ekinci, Goktug; Dogan, Adnan Harun; Alparslan, Bugra; Gurbuz, Abdurrahman Said; Jabrayilov, Vahab; Angin, Pelin

MARC21 XML

<?xml version='1.0' encoding='UTF-8'?>
<record xmlns="http://www.loc.gov/MARC21/slim">
  <leader>00000nam##2200000uu#4500</leader>
  <datafield tag="909" ind1="C" ind2="O">
    <subfield code="p">user-tubitak-destekli-proje-yayinlari</subfield>
    <subfield code="o">oai:aperta.ulakbim.gov.tr:253617</subfield>
  </datafield>
  <datafield tag="520" ind1=" " ind2=" ">
    <subfield code="a">Microservices architecture has been praised as a lightweight, modular and robust alternative to monolithic software in recent years with software containerization bringing parallel ideas to the table against bare metal and even virtual machine based software deployment solutions. While containers provide support for agile software development in the cloud, they suffer from security issues due to their lightweight structure not providing isolation as strong as that of virtual machines. This calls for the development of robust intrusion detection systems (IDS) for containers, taking into account their specific vulnerabilities. Existing IDS for containerized software deployments have mainly used host-based syscall monitoring, with only a few utilizing network-based monitoring without justification for the particular sensor used. In this paper, we aim to close this research gap by empirically evaluating the performances of system call and network flow based features in machine learning-based intrusion detection for containers when subjected to the same attacks. Our results show that basing the IDS on the network layer exhibits better performance than the host-based IDS for the investigated vulnerabilities, demonstrating the need for network monitoring for enhanced container security.</subfield>
  </datafield>
  <datafield tag="980" ind1=" " ind2=" ">
    <subfield code="a">publication</subfield>
    <subfield code="b">conferencepaper</subfield>
  </datafield>
  <datafield tag="711" ind1=" " ind2=" ">
    <subfield code="a">2022 INTERNATIONAL WORKSHOP ON SECURE AND RELIABLE MICROSERVICES AND CONTAINERS (SRMC 2022)</subfield>
  </datafield>
  <datafield tag="540" ind1=" " ind2=" ">
    <subfield code="a">Creative Commons Attribution</subfield>
    <subfield code="u">http://www.opendefinition.org/licenses/cc-by</subfield>
  </datafield>
  <datafield tag="100" ind1=" " ind2=" ">
    <subfield code="a">Sever, Yigit</subfield>
    <subfield code="u">Middle East Tech Univ, Dept Comp Engn, Ankara, Turkey</subfield>
  </datafield>
  <datafield tag="856" ind1="4" ind2=" ">
    <subfield code="z">md5:c26092ca03c2019bef09b9264b08af4f</subfield>
    <subfield code="s">250</subfield>
    <subfield code="u">https://aperta.ulakbim.gov.trrecord/253617/files/bib-026ff213-47ab-41cf-a55f-53f9cfb97730.txt</subfield>
  </datafield>
  <controlfield tag="005">20230728192632.0</controlfield>
  <datafield tag="260" ind1=" " ind2=" ">
    <subfield code="c">2022-01-01</subfield>
  </datafield>
  <datafield tag="024" ind1=" " ind2=" ">
    <subfield code="a">10.1109/SRMC57347.2022.00007</subfield>
    <subfield code="2">doi</subfield>
  </datafield>
  <datafield tag="542" ind1=" " ind2=" ">
    <subfield code="l">open</subfield>
  </datafield>
  <datafield tag="245" ind1=" " ind2=" ">
    <subfield code="a">An Empirical Analysis of IDS Approaches in Container Security</subfield>
  </datafield>
  <datafield tag="650" ind1="1" ind2="7">
    <subfield code="a">cc-by</subfield>
    <subfield code="2">opendefinition.org</subfield>
  </datafield>
  <datafield tag="700" ind1=" " ind2=" ">
    <subfield code="a">Ekinci, Goktug</subfield>
    <subfield code="u">Middle East Tech Univ, Dept Comp Engn, Ankara, Turkey</subfield>
  </datafield>
  <datafield tag="700" ind1=" " ind2=" ">
    <subfield code="a">Dogan, Adnan Harun</subfield>
    <subfield code="u">Middle East Tech Univ, Dept Comp Engn, Ankara, Turkey</subfield>
  </datafield>
  <datafield tag="700" ind1=" " ind2=" ">
    <subfield code="a">Alparslan, Bugra</subfield>
    <subfield code="u">Middle East Tech Univ, Dept Comp Engn, Ankara, Turkey</subfield>
  </datafield>
  <datafield tag="700" ind1=" " ind2=" ">
    <subfield code="a">Gurbuz, Abdurrahman Said</subfield>
    <subfield code="u">Middle East Tech Univ, Dept Comp Engn, Ankara, Turkey</subfield>
  </datafield>
  <datafield tag="700" ind1=" " ind2=" ">
    <subfield code="a">Jabrayilov, Vahab</subfield>
    <subfield code="u">Middle East Tech Univ, Dept Comp Engn, Ankara, Turkey</subfield>
  </datafield>
  <datafield tag="700" ind1=" " ind2=" ">
    <subfield code="a">Angin, Pelin</subfield>
    <subfield code="u">Middle East Tech Univ, Dept Comp Engn, Ankara, Turkey</subfield>
  </datafield>
  <controlfield tag="001">253617</controlfield>
  <datafield tag="980" ind1=" " ind2=" ">
    <subfield code="a">user-tubitak-destekli-proje-yayinlari</subfield>
  </datafield>
</record>

görüntülenme

indirilme

Daha fazla ayrıntı...

Görüntülenme	35
İndirme	9
Veri hacmi	2.2 kB
Tekil görüntülenme	33
Tekil indirme	9

Kayıt Bilgileri

Yayınlanma tarihi:: 01/01/2022
Bilim dalları:: Diğer
Konferans Bilgileri:: 2022 INTERNATIONAL WORKSHOP ON SECURE AND RELIABLE MICROSERVICES AND CONTAINERS (SRMC 2022)
Lisans:: Creative Commons Attribution

An Empirical Analysis of IDS Approaches in Container Security

An Empirical Analysis of IDS Approaches in Container Security

MARC21 XML

Kayıt Bilgileri

Alıntı yap

Paylaş

Dışa aktar

TÜBİTAK ULAKBİM

İLETİŞİM