TL;DR
This paper explores using a bag-of-system-calls approach to detect anomalies in Linux containers, enabling intrusion detection without prior knowledge or modifications to containers or kernels.
Contribution
It introduces a novel method for anomaly detection in Linux containers based on system call analysis without needing prior container knowledge or system modifications.
Findings
Effective detection of anomalous container behavior
No need for container or kernel modifications
Applicable to real-time intrusion detection
Abstract
In this paper, we present the results of using bags of system calls to learn the behavior of Linux containers for use in an anomaly-detection-based intrusion detection system. Because the containers' system calls are monitored from the host kernel, the system requires no prior knowledge of the nature of the container, nor does it require altering the container or the host kernel.
Peer Reviews
No public reviews on file for this paper yet.