Polish Information Processing Society

Annals of Computer Science and Information Systems, Volume 18

Proceedings of the 2019 Federated Conference on Computer Science and Information Systems

Standardized container virtualization approach for collecting host intrusion detection data


DOI: http://dx.doi.org/10.15439/2019F212

Citation: Proceedings of the 2019 Federated Conference on Computer Science and Information Systems, M. Ganzha, L. Maciaszek, M. Paprzycki (eds). ACSIS, Vol. 18, pages 459–463


Abstract. Anomaly-based Intrusion Detection Systems (IDS) can be instrumental in detecting attacks on IT systems. For the evaluation and training of an IDS, data sets containing samples of common security scenarios are essential. Existing data sets are not sufficient for training modern IDS. This work introduces a new methodology for recording data that is useful in the context of intrusion detection. The approach presented comprises a system architecture as well as a novel framework for simulating security-related scenarios.
