scholarly journals Intrusion Detection System for Applications using Linux Containers

2016 ◽  
Author(s):  
Amr Abed
Keyword(s):  
Intrusion Detection ◽  
Real Time ◽  
Intrusion Detection System ◽  
Detection System ◽  
Cyber Attacks ◽  
Critical Systems ◽  
System Calls ◽  
Industrial Use ◽  
Mission Critical ◽  
Linux Containers

Linux containers are gaining increasing traction in both individual and industrial use, and as these containers get integrated into mission-critical systems, real-time detection of malicious cyber attacks becomes a critical operational requirement. This paper introduces a real-time host-based intrusion detection system that can be used to passively detect malfeasance against applications within Linux containers running in a standalone or in a cloud multi-tenancy environment. The demonstrated intrusion detection system uses bags of system calls monitored from the host kernel for learning the behavior of an application running within a Linux container and determining anomalous container behavior. Performance of the approach using a database application was measured and results are discussed.

scholarly journals Towards Deep-Learning-Driven Intrusion Detection for the Internet of Things

Sensors ◽  
2019 ◽  
Vol 19 (9) ◽  
pp. 1977 ◽  
Author(s):  
Geethapriya Thamilarasu ◽  
Shiven Chawla
Keyword(s):  
Deep Learning ◽  
Internet Of Things ◽  
Intrusion Detection ◽  
Intrusion Detection System ◽  
Learning Algorithm ◽  
Detection System ◽  
Cyber Attacks ◽  
The Internet ◽  
Critical Systems ◽  
The Internet Of Things

Cyber-attacks on the Internet of Things (IoT) are growing at an alarming rate as devices, applications, and communication networks are becoming increasingly connected and integrated. When attacks on IoT networks go undetected for longer periods, it affects availability of critical systems for end users, increases the number of data breaches and identity theft, drives up the costs and impacts the revenue. It is imperative to detect attacks on IoT systems in near real time to provide effective security and defense. In this paper, we develop an intelligent intrusion-detection system tailored to the IoT environment. Specifically, we use a deep-learning algorithm to detect malicious traffic in IoT networks. The detection solution provides security as a service and facilitates interoperability between various network communication protocols used in IoT. We evaluate our proposed detection framework using both real-network traces for providing a proof of concept, and using simulation for providing evidence of its scalability. Our experimental results confirm that the proposed intrusion-detection system can detect real-world intrusions effectively.

scholarly journals A Noble Approach of Real Time Intrusion Detection System (NART-IDS)

2019 ◽  
pp. 10-22
Author(s):  
Deepak Kumar Yadav ◽  
Akhilesh Bansiya
Keyword(s):  
Intrusion Detection ◽  
Real Time ◽  
Intrusion Detection System ◽  
Detection System ◽  
Critical Systems ◽  
Online Detection ◽  
Report Generation ◽  
Improve Efficiency ◽  
Network Intrusion ◽  
System Overhead

Malicious users use different techniques such as cracking passwords, text traffic, sniffing unencrypted or light, etc. System overhead and compromise critical systems. Therefore, there must be some sort of security for the organization's private resources from the Internet and from the inside. Therefore, the intrusion detection system (IDS) could be the best solution. It complements the firewall to improve the security holes. An intrusion detection system includes a management console and sensors. The management console holds all the responsibility of functionality of IDS comprises with its initialization, packet capturing, and report generation, whereas the sensors used to monitor hosts or networks in real time. There may be different categories of Intrusion Detection System. IDS can be designed in the concept of Signature analysis as well as anomaly behavior analysis. Therefore IDS used to capture the behavior of suspected packets. These functions are in host mode and called as Host Intrusion Detection System (HIDS) and in Network mode called as Network Intrusion Detection System (NIDS). The entitled dissertation work is carried out to obtain the best analysis performance through signature based detection system. It is efficient for host as well as network system .here basically Transmission Control Packets (TCP) and User Datagram Packets (UDP) considered to analysis for finding different attacks like Probe,DoS,R2l and U2R. This system is being found functionally efficient and also provide layer wise attacks details. Here different agent modules used to perform desired isolated responsibility like Mobile Agent (MA) to activate different IDS chest at different hosts, Tenet Agent (TA) for signature rule, Analysis Agent (AA) etc. The proposed system can greatly improve efficiency from offline detection to real-time online detection. Since the proposed system derives features from packet headers. Many attacks were experimented in this system. Experiments were performed to demonstrate the excellent effectiveness and efficiency of the proposed system. The proposed system can greatly improve efficiency from offline detection to real-time online detection. Since the proposed system derives features from packet headers. The entitled system can be further enhanced to capture more type of attacks at the levels of multiple layers and also may stop attacks as well.

scholarly journals Realguard: A Lightweight Network Intrusion Detection System for IoT Gateways

Sensors ◽  
2022 ◽  
Vol 22 (2) ◽  
pp. 432
Author(s):  
Xuan-Ha Nguyen ◽  
Xuan-Duong Nguyen ◽  
Hoang-Hai Huynh ◽  
Kim-Hung Le
Keyword(s):  
Deep Learning ◽  
Intrusion Detection ◽  
Real Time ◽  
Intrusion Detection System ◽  
Detection System ◽  
Cyber Attacks ◽  
Network Intrusion Detection ◽  
The Internet ◽  
Network Intrusion ◽  
Network Intrusion Detection System

Cyber security has become increasingly challenging due to the proliferation of the Internet of things (IoT), where a massive number of tiny, smart devices push trillion bytes of data to the Internet. However, these devices possess various security flaws resulting from the lack of defense mechanisms and hardware security support, therefore making them vulnerable to cyber attacks. In addition, IoT gateways provide very limited security features to detect such threats, especially the absence of intrusion detection methods powered by deep learning. Indeed, deep learning models require high computational power that exceeds the capacity of these gateways. In this paper, we introduce Realguard, an DNN-based network intrusion detection system (NIDS) directly operated on local gateways to protect IoT devices within the network. The superiority of our proposal is that it can accurately detect multiple cyber attacks in real time with a small computational footprint. This is achieved by a lightweight feature extraction mechanism and an efficient attack detection model powered by deep neural networks. Our evaluations on practical datasets indicate that Realguard could detect ten types of attacks (e.g., port scan, Botnet, and FTP-Patator) in real time with an average accuracy of 99.57%, whereas the best of our competitors is 98.85%. Furthermore, our proposal effectively operates on resource-constraint gateways (Raspberry PI) at a high packet processing rate reported about 10.600 packets per second.

scholarly journals Toward an Applied Cyber Security Solution in IoT-Based Smart Grids: An Intrusion Detection System Approach

Sensors ◽  
2019 ◽  
Vol 19 (22) ◽  
pp. 4952 ◽  
Author(s):  
Xiao Chun Yin ◽  
Zeng Guang Liu ◽  
Lewis Nkenyereye ◽  
Bruce Ndibanje
Keyword(s):  
Intrusion Detection ◽  
Real Time ◽  
Intrusion Detection System ◽  
Smart Grids ◽  
Secure Communication ◽  
Detection System ◽  
Cyber Attacks ◽  
Human Beings ◽  
Attack Model ◽  
Scada Systems

We present an innovative approach for a Cybersecurity Solution based on the Intrusion Detection System to detect malicious activity targeting the Distributed Network Protocol (DNP3) layers in the Supervisory Control and Data Acquisition (SCADA) systems. As Information and Communication Technology is connected to the grid, it is subjected to both physical and cyber-attacks because of the interaction between industrial control systems and the outside Internet environment using IoT technology. Often, cyber-attacks lead to multiple risks that affect infrastructure and business continuity; furthermore, in some cases, human beings are also affected. Because of the traditional peculiarities of process systems, such as insecure real-time protocols, end-to-end general-purpose ICT security mechanisms are not able to fully secure communication in SCADA systems. In this paper, we present a novel method based on the DNP3 vulnerability assessment and attack model in different layers, with feature selection using Machine Learning from parsed DNP3 protocol with additional data including malware samples. Moreover, we developed a cyber-attack algorithm that included a classification and visualization process. Finally, the results of the experimental implementation show that our proposed Cybersecurity Solution based on IDS was able to detect attacks in real time in an IoT-based Smart Grid communication environment.

Host-Based Intrusion Detection System with System Calls

2019 ◽  
Vol 51 (5) ◽  
pp. 1-36 ◽  
Author(s):  
Ming Liu ◽  
Zhi Xue ◽  
Xianghua Xu ◽  
Changmin Zhong ◽  
Jinjun Chen
Keyword(s):  
Intrusion Detection ◽  
Intrusion Detection System ◽  
Detection System ◽  
System Calls

scholarly journals Scrutinizing Attacks and Evaluating Performance Appraisal Parameters via Feature Selection in Intrusion Detection System

2021 ◽  
Author(s):  
Navroop Kaur ◽  
Meenakshi Bansal ◽  
Sukhwinder Singh S
Keyword(s):  
Feature Selection ◽  
Performance Evaluation ◽  
Intrusion Detection ◽  
Intrusion Detection System ◽  
Detection System ◽  
Denial Of Service ◽  
Cyber Attacks ◽  
Support Vector ◽  
K Nearest Neighbor ◽  
Evaluation Parameters

Abstract In modern times the firewall and antivirus packages are not good enough to protect the organization from numerous cyber attacks. Computer IDS (Intrusion Detection System) is a crucial aspect that contributes to the success of an organization. IDS is a software application responsible for scanning organization networks for suspicious activities and policy rupturing. IDS ensures the secure and reliable functioning of the network within an organization. IDS underwent huge transformations since its origin to cope up with the advancing computer crimes. The primary motive of IDS has been to augment the competence of detecting the attacks without endangering the performance of the network. The research paper elaborates on different types and different functions performed by the IDS. The NSL KDD dataset has been considered for training and testing. The seven prominent classifiers LR (Logistic Regression), NB (Naïve Bayes), DT (Decision Tree), AB (AdaBoost), RF (Random Forest), kNN (k Nearest Neighbor), and SVM (Support Vector Machine) have been studied along with their pros and cons and the feature selection have been imposed to enhance the reading of performance evaluation parameters (Accuracy, Precision, Recall, and F1Score). The paper elaborates a detailed flowchart and algorithm depicting the procedure to perform feature selection using XGB (Extreme Gradient Booster) for four categories of attacks: DoS (Denial of Service), Probe, R2L (Remote to Local Attack), and U2R (User to Root Attack). The selected features have been ranked as per their occurrence. The implementation have been conducted at five different ratios of 60-40%, 70-30%, 90-10%, 50-50%, and 80-20%. Different classifiers scored best for different performance evaluation parameters at different ratios. NB scored with the best Accuracy and Recall values. DT and RF consistently performed with high accuracy. NB, SVM, and kNN achieved good F1Score.

Sign in / Sign up

Export Citation Format

Share Document