Standardized container virtualization approach for collecting host intrusion detection data

• Autorzy: Röhling Martin Max , Grimmer Martin , Kreußel Dennis , Hoffmann Jörn , Franczyk Bogdan

Identyfikatory

DOI

10.15439/2019F212

• Konferencja: Federated Conference on Computer Science and Information Systems (14 ; 01-04.09.2019 ; Leipzig, Germany)
• Języki publikacji: EN

Abstrakty

EN

Anomaly-based Intrusion Detection Systems (IDS) can be instrumental in detecting attacks on IT systems. For evaluation and training of IDS, data sets containing samples of common security-scenarios are essential. Existing data sets are not sufficient for training modern IDS. This work introduces a new methodology for recording data that is useful in the context of intrusion detection. The approach presented is comprised of a system architecture as well as a novel framework for simulating security-related scenarios.

Słowa kluczowe

EN

security of data; virtualisation; intrusion detection; software

PL

bezpieczeństwo danych; wirtualizacja; wykrywanie włamań; oprogramowanie

• Wydawca: Polskie Towarzystwo Informatyczne
• Czasopismo: Annals of Computer Science and Information Systems
• Rocznik: 2019
• Tom: Vol. 18
• Strony: 459--463
• Opis fizyczny: Bibliogr. 13 poz., rys., tab.

Twórcy

autor

Röhling Martin Max

• Leipzig University, Ritterstraße 9-13, 04109 Leipzig

autor

Grimmer Martin

• Leipzig University, Ritterstraße 9-13, 04109 Leipzig

autor

Kreußel Dennis

• Leipzig University, Ritterstraße 9-13, 04109 Leipzig

autor

Hoffmann Jörn

• Leipzig University, Ritterstraße 9-13, 04109 Leipzig

autor

Franczyk Bogdan

• Leipzig University, Grimmaische Straße 12, 04109 Leipzig
• Uniwersytet Ekonomiczny we Wroclawiu, ul. Komandorska 118/120, 53-345 Wroclaw

Bibliografia

• 1. M. Pendleton and S. Xu. A dataset generator for next generation system call host intrusion detection systems. In Proceedings - IEEE Military Communications Conference MILCOM, volume 2017-Octob, 2017. http://dx.doi.org/10.1109/MILCOM.2017.8170835.
• 2. Lincoln Laboratory; MIT. DARPA Intrusion Detection Evaluation Data Set. https://www.ll.mit.edu/r-d/datasets, 1998-2000.
• 3. Computer Science Department Farris Engineering Center; University of New Mexico. Computer Immune Systems - Data Sets and Software. https://www.cs.unm.edu/ ̃immsec/systemcalls.htm, 1999.
• 4. C. Warrender, S. Forrest, and B. Pearlmutter. Detecting intrusions using system calls: Alternative data models. In Proceedings - IEEE Symposium on Security and Privacy, 1999. http://dx.doi.org/10.1109/SECPRI.1999.766910.
• 5. Australian Center for Cyber Security (ACCS). The ADFA Intrusion Detection Datasets. https://www.unsw.adfa.edu.au/australian-centre-for-cyber-security/cybersecurity/ADFA-IDS-Datasets/, 2013.
• 6. G. Creech and J. Hu. Generation of a new IDS test dataset: Time to retire the KDD collection. In IEEE Wireless Communications and Networking Conference, WCNC, 2013. http://dx.doi.org/10.1109/WCNC.2013.6555301.
• 7. W. Haider, J. Hu, J. Slay, B.P. Turnbull, and Y. Xie. Generating realistic intrusion detection system dataset based on fuzzy qualitative modeling. Journal of Network and Computer Applications, 87:185–192, 6 2017. http://dx.doi.org/10.1016/J.JNCA.2017.03.018.
• 8. M. Grimmer, M. M. Röhling, D. Kreusel, and S. Ganz. A modern and sophisticated host based intrusion detection data set. In IT-Sicherheit als Voraussetzung für eine erfolgreiche Digitalisierung, pages 135–145, 2019. ISBN: 978-3-922746-82-9.
• 9. A. S. Abed, C. Clancy, and D. S. Levy. Intrusion detection system for applications using linux containers. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), volume 9331, pages 123–135, 11 2015. http://dx.doi.org/10.1007/978-3-319-24858-5_8.
• 10. M. Grimmer, M. M. Röhling, M. Kricke, B. Franczyk, and E. Rahm. Intrusion Detection on System Call Graphs. In Sicherheit in vernetzten Systemen, pages G1–G18, 2018. ISBN: 978-3-3-7460-8637-8.
• 11. Deng, S. Empirical model of WWW document arrivals at access link. In Proceedings of ICC/SUPERCOMM ’96 - International Conference on Communications, volume 3, pages 1797–1802. IEEE. http://dx.doi.org/10.1109/ICC.1996.535600.
• 12. S. Ganz. Ein moderner Host Intrusion Detection Datensatz, 2019.
• 13. D. Kreußel. Simulation and analysis of system call traces for adversial anomaly detection, 2019.

Uwagi

1. Track 3: Network Systems and Applications

2. Technical Session: Advances in Network Systems and Applications

3. Opracowanie rekordu ze środków MNiSW, umowa Nr 461252 w ramach programu "Społeczna odpowiedzialność nauki" - moduł: Popularyzacja nauki i promocja sportu (2020).