Abed, Amr S.
Clancy, Thomas Charles III
Levy, David S.
2017-11-17
2017-11-17
2015-12-09
http://hdl.handle.net/10919/80422
Linux containers are gaining increasing traction in both individual and industrial use, and as these containers get integrated into mission-critical systems, real-time detection of malicious cyber attacks becomes a critical operational requirement. This paper introduces a real-time host-based intrusion detection system that can be used to passively detect malfeasance against applications within Linux containers running in a standalone or in a cloud multi-tenancy environment. The demonstrated intrusion detection system uses bags of system calls monitored from the host kernel for learning the behavior of an application running within a Linux container and determining anomalous container behavior. Performance of the approach using a database application was measured and results are discussed.
application/pdf
en
In Copyright
Intrusion Detection
Anomaly Detection
System Call Monitoring
Container Security
Security in Cloud Computing
Intrusion Detection System for Applications using Linux Containers
Article - Refereed
https://arxiv.org/abs/1611.03056
Lecture Notes in Computer Science
https://doi.org/10.1007/978-3-319-24858-5_8
9331