Ensemble of Random and Isolation Forests for Graph-Based Intrusion Detection in Containers
RISE Research Institutes of Sweden, Digital Systems, Data Science. ORCID iD: 0000-0001-6116-164X
RISE Research Institutes of Sweden, Digital Systems, Data Science. ORCID iD: 0000-0001-8192-0893
2022 (English). In: Proceedings of the 2022 IEEE International Conference on Cyber Security and Resilience, CSR 2022, Institute of Electrical and Electronics Engineers Inc., 2022, p. 30-37. Conference paper, Published paper (Refereed)
Abstract [en]

We propose a novel solution combining supervised and unsupervised machine learning models for intrusion detection at kernel level in cloud containers. In particular, the proposed solution is built over an ensemble of random and isolation forests trained on sequences of system calls that are collected at the hosting machine's kernel level. The sequences of system calls are translated into a weighted and directed graph to obtain a compact description of the container behavior, which is given as input to the ensemble model. We executed a set of experiments in a controlled environment in order to test our solution against the two most common threats that have been identified in cloud containers, and our results show that we can achieve high detection rates and low false positives in the tested attacks.

Place, publisher, year, edition, pages
Institute of Electrical and Electronics Engineers Inc., 2022. p. 30-37
Keywords [en]
Cloud containers, Intrusion Detection System, Machine learning on Graph, Directed graphs, Forestry, Graphic methods, Intrusion detection, Machine learning, Cloud container, Graph-based, Intrusion Detection Systems, Intrusion-Detection, Machine-learning, Novel solutions, Supervised machine learning, System calls, Unsupervised machine learning, Containers
National Category
Computer and Information Sciences
Identifiers
URN: urn:nbn:se:ri:diva-60157
DOI: 10.1109/CSR54599.2022.9850307
Scopus ID: 2-s2.0-85137367814
ISBN: 9781665499521 (print)
OAI: oai:DiVA.org:ri-60157
DiVA, id: diva2:1702102
Conference
2nd IEEE International Conference on Cyber Security and Resilience, CSR 2022, 27 July 2022 through 29 July 2022
Note

Funding text 1: This research is partially funded by the EU H2020 ARCADIAN-IoT (Grant ID. 101020259) and partly by the H2020 CONCORDIA (Grant ID. 830927).

Available from: 2022-10-10. Created: 2022-10-10. Last updated: 2023-06-08. Bibliographically approved

Authority records

Iacovazzi, Alfonso; Raza, Shahid
