TY - GEN
T1 - Multidimensional Intrusion Detection System for Containerized Environments
AU - Morsli, Reda
AU - Kara, Nadjia
AU - Ould-Slimane, Hakima
AU - Lahlou, Laaziz
N1 - Publisher Copyright:
© 2025 IEEE.
PY - 2025
Y1 - 2025
N2 - Intrusion Detection Systems (IDS) are critical for securing modern networks and systems; however, traditional IDS approaches often rely solely on network traffic or host-level data, limiting their ability to detect sophisticated threats such as AI-driven, zero-day, and polymorphic attacks. This limitation is even more pronounced in highly dynamic environments, such as cloud-based and containerized architectures, where the potential of leveraging rich contextual information remains underexplored. To address this gap, we propose a novel Multidimensional Intrusion Detection System (MIDS) approach that integrates multiple data dimensions, including network and container features, to enhance threat detection in containerized environments. By combining these dimensions, MIDS provides a holistic view of the cluster, enabling more comprehensive threat analysis and improved detection accuracy. We introduce a new data merging technique that unifies network flows with container metrics to facilitate multidimensional analysis. Due to the lack of existing datasets containing such heterogeneous data, we generated two MIDS datasets by simulating prevalent attacks on two well-known containerized applications deployed on Kubernetes (K8s): one using the Damn Vulnerable Web Application (DVWA) and the other using Google's Bank of Anthos (BoA). These simulations included Denial of Service (DoS), brute force, and SQL injection attacks. We evaluated state-of-the-art machine learning (ML) algorithms on these datasets, including SVM, XGBoost, and DNN. The experimental results demonstrate that using MIDS enables ML algorithms to achieve up to 8.69% and 30.07% higher F1 scores compared to using only network or container data, respectively. Feature analysis highlights the complementary contributions of network and container dimensions, showcasing the effectiveness of the proposed multidimensional approach for intrusion detection in containerized environments.
KW - Container Metrics
KW - Intrusion Detection Systems (IDS)
KW - Kubernetes Security
KW - Multidimensional Data Analysis
KW - Network Traffic
UR - https://www.scopus.com/pages/publications/105012573982
U2 - 10.1109/NetSoft64993.2025.11080585
DO - 10.1109/NetSoft64993.2025.11080585
M3 - Contribution to conference proceedings
AN - SCOPUS:105012573982
T3 - Proceedings of the 11th IEEE International Conference on Network Softwarization, NetSoft 2025
SP - 546
EP - 554
BT - Proceedings of the 11th IEEE International Conference on Network Softwarization, NetSoft 2025
A2 - Varga, Pal
A2 - Cerroni, Walter
A2 - Fung, Carol
A2 - Szabo, Robert
A2 - Tornatore, Massimo
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 11th IEEE International Conference on Network Softwarization, NetSoft 2025
Y2 - 23 June 2025 through 27 June 2025
ER -