DL-HIDS: deep learning-based host intrusion detection system using system calls-to-image for containerized cloud environment

DL-HIDS: deep learning-based host intrusion detection system using system calls-to-image for containerized cloud environment

연구 분야: Software Development

학회: The Journal of Supercomputing

In the rapidly evolving IT industry, containerization has introduced new security challenges including cloud data breaches. DL-HIDS explores the application of Deep Learning (DL) techniques for detecting such attacks. Various system call-based features, including the sequence, frequency, and metadata of system calls, as well as images, derived from these calls were explored. While using images as features is effective for DL models, determining the optimal image feature size can be challenging and requires extensive experimentation. The existing approach uses pre-trained Convolutional Neural Networks (CNNs) that incorporate system call parameters with metadata that are redundant resulting in a low detection rate. To address these limitations, we employ a deep CNN that takes images generated from system call logs as input. Our experimentation involves varying image size, system call parameters, and CNN architecture using the Leipzig Intrusion Detection DataSet-2019 dataset containing recent containerized cloud environment attack data. Our results demonstrate improvement over state-of-the-art methods toward accuracy, precision, recall, F1 score, and false-positive rate.