Author affiliations: Sardar Vallabhbhai Natl Inst Technol Dept Comp Sci & Engn Surat Gujarat India; Natl Inst Technol Patna Dept Comp Sci & Engn Patna India
Publication: CONCURRENCY AND COMPUTATION-PRACTICE & EXPERIENCE (Concurr. Comput. Pract. Exper.)
Year/Volume/Issue: 2024, Volume 36, Issue 23
Subject classification: 08 [Engineering]; 0835 [Engineering - Software Engineering]; 0812 [Engineering - Computer Science and Technology (degrees in engineering or science may be conferred)]
Funding: I would like to express appreciation to my supervisors Udai Pratap Rao and Bhavesh N. Gohil for their unwavering guidance, expertise and continuous support. Their invaluable insights and constructive feedback have significantly shaped the direction and quality of this research work.
Keywords: anomaly detection system; cloud computing; containerized environment; ensemble machine learning; host intrusion detection system; system call analysis
Abstract: Cloud's operating-system-level virtualization has introduced a new phase of lightweight virtualization through containers. The architecture of cloud-native and microservices-based application development strongly advocates for the use of containers due to their swift and convenient deployment capabilities. However, the security of applications within containers is important, as malicious or vulnerable content could jeopardize the container and the host system. This vulnerability also extends to neighboring containers and may compromise data integrity and confidentiality. The article focuses on developing an intrusion detection system tailored to containerized cloud environments by identifying system call analysis techniques and also proposes an anomaly-based host intrusion detection system (Ab-HIDS). This system employs the frequency of N-grams system calls as distinctive features. To enhance performance, two ensemble learning models, namely voting-based ensemble learning and XGBoost ensemble learning, are employed for training and testing the data. The proposed system is evaluated using the Leipzig Intrusion Detection Data Set (LID-DS), demonstrating substantial performance compared to existing state-of-the-art methods. Ab-HIDS is validated for class imbalance using the imbalance ratio and synthetic minority over-sampling technique methods. Our system achieved significant improvements in detection accuracy with 4% increase for the voting-based ensemble model and 6% increase for the XGBoost ensemble model. Additionally, we observed reductions in the false positive rate by 0.9% and 0.8% for these models, respectively, compared to existing state-of-the-art methods. These results illustrate the potential of our proposed approach in improving security measures within containerized environments.