In this repository we present a docker dataset based on system calls and the source code used for its experimental evaluation, more details are presented in [HIDS Docker Information] (you can also read the same README in portuguese):
This study is ongoing and has already had results presented at some conferences.
Published in IEEE ISCC 2021 : 26th IEEE Symposium on Computers and Communications (ISCC):
@inproceedings{paper3,
author={Gabriel Ruschel Castanhel and Tiago Heinrich and Fabrício Ceschin and Carlos A. Maziero},
title={Taking a Peek: An Evaluation of Anomaly Detection Using System calls for Containers},
year={2021},
series={26th IEEE Symposium on Computers and Communications (ISCC 2021)}
}
The paper could be found here.
Published in Regional Workshop on Information Security and Computer Systems (WRSeg) in the XVIII Regional School of Computer Networks (ERRC 2020):
@inproceedings{paper2,
author={Gabriel Ruschel Castanhel and Tiago Heinrich and Fabrício Ceschin and Carlos A. Maziero},
title={Sliding Window: The Impact of Trace Size in Anomaly Detection System for Containers Through Machine Learning},
year={2020},
series={Regional Workshop on Information Security and Computer Systems (WRSeg - ERRC)}
}
The paper could be found here.
Published in Brazilian Symposium on Information and Computational Systems Security (SBSeg) 2020 - XIV Workshop of Scientific Initiation and Graduation Works (WTICG):
@inproceedings{paper1,
author={Gabriel Ruschel Castanhel and Tiago Heinrich and Fabrício Ceschin and Carlos A. Maziero},
title={Detecção de Anomalias: Estudo de Técnicas de Identificação de Ataques em um Ambiente de Contêiner},
year={2020},
series={Undergraduate Research Workshop - Brazilian Security Symposium (WTICG - SBSeg)}
}
The paper could be found here.
The following components should be installed:
* python 3.8.5
* pip3 20.0.2
* scikit-learn 0.22.2
Python3 and pip3 are required for testing. Arch linux installation guide:
sudo pacman -S python python-pip
Debian installation guide:
sudo apt install python3 python3-pip
Clone this repository:
git clone https://github.com/gabrielruschel/hids-docker
And install the dependencies using pip3:
cd hids-docker/
pip3 install -r requirements.txt
To run the tests, just use the following command:
python3 main.py [-d {sbseg,iscc}] [-f {raw,filter}] <window_size>
-d: specifies which dataset to use (default: iscc)-f: specifies which filter mode to use (default: raw)window_size: specifies the size of the window be used in the tests.
The -h argument shows the help message. It is possible to edit in the main section of the code which specific methods you want to test.
- gabrielruschel (Gabriel Ruschel Castanhel) (owner)
- h31nr1ch (Tiago Heinrich) (contributor)
- fabriciojoc (Fabrício Ceschin) (contributor)
- cmaziero (Carlos Maziero) (contributor)