تعزيز الأمن السيبراني في الزمن الحقيقي:تأثير حجم تسلسلات استدعاءات النظام على اكتشاف الاقتحام
الكلمات المفتاحية:
تعلم الآلة، استدعاءات النظام ، أنظمة كشف الاقتحام، النافذة المنزلقة.
الملخص
شهدت تقنيات الحاويات نموًا وقيمة كبيرة في السنوات الأخيرة، خاصة بالنسبة للمطورين وشركات التكنولوجيا، كما أصبحت القدرة على اكتشاف الهجمات السيبرانية في الزمن الحقيقي للحاويات ضرورة بالغة الأهمية، خاصة مع دمجها في البيئة السحابية. ولتحقيق هذا الهدف، تم استخدام أنظمة كشف الاقتحام لتحديد الأنشطة المشبوهة داخل التطبيقات التي تعمل في الحاويات، وبغض النظر عما إذا كانت هذه الحاويات تعمل بشكل منفصل أو داخل بيئة سحابية، فإن محاولات التلاعب بسلوكها أو سلوك التطبيقات الموجودة بداخلها لن تساعد في اكتشاف الهجمات أو الحالات الشاذة.
تتركز المساهمة في هذا البحث من خلال استكشاف تأثير حجم تسلسلات استدعاءات لبنظام في الكشف عن الهجمات عن طريق استخدام نهج النافذة المنزلقة بأحجام مختلفة و دراسة فيما إذا كانت الاختلافات في حجم النافذة المنزلقة تؤثر على أداء المصنف فيما يتعلق باكتشاف السلوك الغير الطبيعي، تم استخدام مجموعة بيانات معيارية (LID-DS) ، كما تم تقييم عملية استخدام جزء من التتبع او التتبع بالكامل وتأثيره على عملية كشف الشذوذ. تم استخدام خوارزميات تعلم الآلة. حققت خوارزمية الغابة العشوائية أفضل النتائج لجميع المقاييس ووفق جميع أحجام النوافذ، كما أن أفضل النتائج تم تحقيقها وفق حجم نافذة w=14 ، أي أن النافذة بحجم 14 كانت مناسبة وحققت أفضل النتائج في اكتشاف الهجمات.
المراجع
[A]. Joraviya, N., Gohil, B. N., & Rao, U. P. (2024). Ab‐HIDS: An anomaly‐based host intrusion detection system using frequency of N‐gram system call features and ensemble learning for containerized environment. Concurrency and Computation: Practice and Experience, 36(23), e8249.
[B]. Zhang, L., Cushing, R., de Laat, C., & Grosso, P. (2021). A real-time intrusion detection system based on OC-SVM, In 2021 IEEE 24th International Conference on Computational Science and Engineering (CSE) (pp. 138-145).
[C]. Grimmer, M., Kaelble, T., Nirsberger, F., Schulze, E., Rucks, T., Hoffmann, J., & Rahm, E. (2022, September). Dataset Report: LID-DS 2021. In International Conference on Critical Information Infrastructures Security (pp. 63-73). Cham: Springer Nature Switzerland.
[D]. Shamim, N., Asim, M., Baker, T., & Awad, A. I. (2023). Efficient Approach for Anomaly Detection in IoT Using System Calls. Sensors, 23(2), 652. https://doi.org/10.3390/s23020652
[E]. Birihanu, E., & Lendák, I. (2025). Explainable correlation-based anomaly detection for Industrial Control Systems. Frontiers in Artificial Intelligence, 7, 1508821.
[F]. Vajda, D. L., Do, T. V., Bérczes, T., & Farkas, K. (2024). Machine learning-based real-time anomaly detection using data pre-processing in the telemetry of server farms. Scientific Reports, 14(1), 23288.
[G]. El Khairi, A., Caselli, M., Knierim, C., Peter, A., & Continella, A. (2022, November). Contextualizing system calls in containers for anomaly-based intrusion detection. In Proceedings of the 2022 on Cloud Computing Security Workshop (pp. 9-21).
[H]. Joraviya, N., Gohil, B. N., & Rao, U. P. (2024). Ab‐HIDS: An anomaly‐based host intrusion detection system using frequency of N‐gram system call features and ensemble learning for containerized environment. Concurrency and Computation: Practice and Experience, 36(23), e8249.
[I]. Rossotti, A. (2022). Anomaly detection framework and deep learning techniques for zero-day attack in container based environment
[K]. Zhang, L., Cushing, R., de Laat, C., & Grosso, P. (2021, October). A real-time intrusion detection system based on OC-SVM for containerized applications. In 2021 IEEE 24th international conference on computational science and engineering (CSE) (pp. 138-145). IEEE.
[L]. Flora, J., & Antunes, N. (2019, September). Studying the applicability of intrusion detection to multi-tenant container environments. In 2019 15th European Dependable Computing Conference (EDCC) (pp. 133-136). IEEE.
[M]. Carmona-Cabezas, R., Gómez-Gómez, J., Gutiérrez de Ravé, E., & Jiménez-Hornero, F. J. (2019). A sliding window-based algorithm for faster transformation of time series into complex networks. Chaos: An Interdisciplinary Journal of Nonlinear Science, 29(10).
[N]. Bernaschi, M., Gabrielli, E., & Mancini, L. V. (2002). REMUS: A security-enhanced operating system. ACM Transactions on Information and System Security (TISSEC), 5(1), 36-61.
[O]. Mahfouz, A. M., Abuhussein, A., Venugopal, D., & Shiva, S. G. (2021). Network intrusion detection model using one-class support vector machine. In Advances in Machine Learning and Computational Intelligence: Proceedings of ICMLCI 2019 (pp. 79-86). Springer Singapore
[P]. Alghushairy, O., Alsini, R., Soule, T., & Ma, X. (2020). A Review of Local Outlier Factor Algorithms for Outlier Detection in Big Data Streams. Big Data Cogn. Compute. 2021, 5,
[Q]. Srinivasan, S., Kumar, A., Mahajan, M., Sitaram, D., & Gupta, S. (2019). Probabilistic realtime intrusion detection system for docker containers. In Security in Computing and Communications: 6th International Symposium, SSCC 2018, Bangalore, India, September, Revised Selected Papers 6 (pp. 336-347). Springer Singapore.
[R]. Byrnes, J., Hoang, T., Mehta, N. N., & Cheng, Y. (2020, October). A modern implementation of system call sequence-based host-based intrusion detection systems. In 2020 Second IEEE International Conference on Trust, Privacy and Security in Intelligent Systems and Applications (TPS-ISA) (pp. 218-225). IEEE
[S]. Abed, A. S., Clancy, T. C., & Levy, D. S. (2015, December). Applying bag of system calls for anomalous behavior detection of applications in linux containers. In 2015 IEEE globecom workshops (GC Wkshps) (pp. 1-5). IEEE.
[T]. Liu, M., Xue, Z., Xu, X., Zhong, C., & Chen, J. (2018). Host-based intrusion detection system with system calls: Review and future trends. ACM computing surveys (CSUR), 51(5), 1-36
[B]. Zhang, L., Cushing, R., de Laat, C., & Grosso, P. (2021). A real-time intrusion detection system based on OC-SVM, In 2021 IEEE 24th International Conference on Computational Science and Engineering (CSE) (pp. 138-145).
[C]. Grimmer, M., Kaelble, T., Nirsberger, F., Schulze, E., Rucks, T., Hoffmann, J., & Rahm, E. (2022, September). Dataset Report: LID-DS 2021. In International Conference on Critical Information Infrastructures Security (pp. 63-73). Cham: Springer Nature Switzerland.
[D]. Shamim, N., Asim, M., Baker, T., & Awad, A. I. (2023). Efficient Approach for Anomaly Detection in IoT Using System Calls. Sensors, 23(2), 652. https://doi.org/10.3390/s23020652
[E]. Birihanu, E., & Lendák, I. (2025). Explainable correlation-based anomaly detection for Industrial Control Systems. Frontiers in Artificial Intelligence, 7, 1508821.
[F]. Vajda, D. L., Do, T. V., Bérczes, T., & Farkas, K. (2024). Machine learning-based real-time anomaly detection using data pre-processing in the telemetry of server farms. Scientific Reports, 14(1), 23288.
[G]. El Khairi, A., Caselli, M., Knierim, C., Peter, A., & Continella, A. (2022, November). Contextualizing system calls in containers for anomaly-based intrusion detection. In Proceedings of the 2022 on Cloud Computing Security Workshop (pp. 9-21).
[H]. Joraviya, N., Gohil, B. N., & Rao, U. P. (2024). Ab‐HIDS: An anomaly‐based host intrusion detection system using frequency of N‐gram system call features and ensemble learning for containerized environment. Concurrency and Computation: Practice and Experience, 36(23), e8249.
[I]. Rossotti, A. (2022). Anomaly detection framework and deep learning techniques for zero-day attack in container based environment
[K]. Zhang, L., Cushing, R., de Laat, C., & Grosso, P. (2021, October). A real-time intrusion detection system based on OC-SVM for containerized applications. In 2021 IEEE 24th international conference on computational science and engineering (CSE) (pp. 138-145). IEEE.
[L]. Flora, J., & Antunes, N. (2019, September). Studying the applicability of intrusion detection to multi-tenant container environments. In 2019 15th European Dependable Computing Conference (EDCC) (pp. 133-136). IEEE.
[M]. Carmona-Cabezas, R., Gómez-Gómez, J., Gutiérrez de Ravé, E., & Jiménez-Hornero, F. J. (2019). A sliding window-based algorithm for faster transformation of time series into complex networks. Chaos: An Interdisciplinary Journal of Nonlinear Science, 29(10).
[N]. Bernaschi, M., Gabrielli, E., & Mancini, L. V. (2002). REMUS: A security-enhanced operating system. ACM Transactions on Information and System Security (TISSEC), 5(1), 36-61.
[O]. Mahfouz, A. M., Abuhussein, A., Venugopal, D., & Shiva, S. G. (2021). Network intrusion detection model using one-class support vector machine. In Advances in Machine Learning and Computational Intelligence: Proceedings of ICMLCI 2019 (pp. 79-86). Springer Singapore
[P]. Alghushairy, O., Alsini, R., Soule, T., & Ma, X. (2020). A Review of Local Outlier Factor Algorithms for Outlier Detection in Big Data Streams. Big Data Cogn. Compute. 2021, 5,
[Q]. Srinivasan, S., Kumar, A., Mahajan, M., Sitaram, D., & Gupta, S. (2019). Probabilistic realtime intrusion detection system for docker containers. In Security in Computing and Communications: 6th International Symposium, SSCC 2018, Bangalore, India, September, Revised Selected Papers 6 (pp. 336-347). Springer Singapore.
[R]. Byrnes, J., Hoang, T., Mehta, N. N., & Cheng, Y. (2020, October). A modern implementation of system call sequence-based host-based intrusion detection systems. In 2020 Second IEEE International Conference on Trust, Privacy and Security in Intelligent Systems and Applications (TPS-ISA) (pp. 218-225). IEEE
[S]. Abed, A. S., Clancy, T. C., & Levy, D. S. (2015, December). Applying bag of system calls for anomalous behavior detection of applications in linux containers. In 2015 IEEE globecom workshops (GC Wkshps) (pp. 1-5). IEEE.
[T]. Liu, M., Xue, Z., Xu, X., Zhong, C., & Chen, J. (2018). Host-based intrusion detection system with system calls: Review and future trends. ACM computing surveys (CSUR), 51(5), 1-36
منشور
2026-03-09
كيفية الاقتباس
مصطفىع., أبو قاسم ك., & حجازية م. (2026). تعزيز الأمن السيبراني في الزمن الحقيقي:تأثير حجم تسلسلات استدعاءات النظام على اكتشاف الاقتحام. مجلة جامعة حماة, 8(3). استرجع في من https://hama-univ.edu.sy/ojs/index.php/huj/article/view/2729
