{"id":"https://openalex.org/W4403937383","doi":"https://doi.org/10.1109/iscc61673.2024.10733595","title":"I See Syscalls by the Seashore: An Anomaly-based IDS for Containers Leveraging Sysdig Data","display_name":"I See Syscalls by the Seashore: An Anomaly-based IDS for Containers Leveraging Sysdig Data","publication_year":2024,"publication_date":"2024-06-26","ids":{"openalex":"https://openalex.org/W4403937383","doi":"https://doi.org/10.1109/iscc61673.2024.10733595"},"language":"en","primary_location":{"id":"doi:10.1109/iscc61673.2024.10733595","is_oa":false,"landing_page_url":"https://doi.org/10.1109/iscc61673.2024.10733595","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2024 IEEE Symposium on Computers and Communications (ISCC)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5107662939","display_name":"Anderson Fras\u00e3o","orcid":null},"institutions":[{"id":"https://openalex.org/I59606676","display_name":"Universidade Federal do Par\u00e1","ror":"https://ror.org/03q9sr818","country_code":"BR","type":"education","lineage":["https://openalex.org/I59606676"]}],"countries":["BR"],"is_corresponding":true,"raw_author_name":"Anderson Fras\u00e3o","raw_affiliation_strings":["Federal University of Paraná,Informatics Department,Paran\u00e1,Brazil"],"affiliations":[{"raw_affiliation_string":"Federal University of Paraná,Informatics Department,Paran\u00e1,Brazil","institution_ids":["https://openalex.org/I59606676"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5053942798","display_name":"Tiago Heinrich","orcid":"https://orcid.org/0000-0002-8017-1293"},"institutions":[{"id":"https://openalex.org/I4210109712","display_name":"Max Planck Institute for Informatics","ror":"https://ror.org/01w19ak89","country_code":"DE","type":"facility","lineage":["https://openalex.org/I149899117","https://openalex.org/I4210109712"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Tiago Heinrich","raw_affiliation_strings":["Max Planck Institute for Informatics,Saarbrücken,Germany"],"affiliations":[{"raw_affiliation_string":"Max Planck Institute for Informatics,Saarbrücken,Germany","institution_ids":["https://openalex.org/I4210109712"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5030269830","display_name":"Vin\u00edcius F\u00fclber-Garcia","orcid":"https://orcid.org/0000-0003-1544-6315"},"institutions":[{"id":"https://openalex.org/I59606676","display_name":"Universidade Federal do Par\u00e1","ror":"https://ror.org/03q9sr818","country_code":"BR","type":"education","lineage":["https://openalex.org/I59606676"]}],"countries":["BR"],"is_corresponding":false,"raw_author_name":"Vinicius Fulber-Garcia","raw_affiliation_strings":["Federal University of Paraná,Informatics Department,Paran\u00e1,Brazil"],"affiliations":[{"raw_affiliation_string":"Federal University of Paraná,Informatics Department,Paran\u00e1,Brazil","institution_ids":["https://openalex.org/I59606676"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5066153918","display_name":"Newton C. Will","orcid":"https://orcid.org/0000-0003-2976-4533"},"institutions":[{"id":"https://openalex.org/I1283613182","display_name":"Universidade Tecnol\u00f3gica Federal do Paran\u00e1","ror":"https://ror.org/002v2kq79","country_code":"BR","type":"education","lineage":["https://openalex.org/I1283613182"]}],"countries":["BR"],"is_corresponding":false,"raw_author_name":"Newton C. Will","raw_affiliation_strings":["Federal University of Technology,Computer Science Department,Paran\u00e1,Brazil"],"affiliations":[{"raw_affiliation_string":"Federal University of Technology,Computer Science Department,Paran\u00e1,Brazil","institution_ids":["https://openalex.org/I1283613182"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5041210276","display_name":"Rafael R. Obelheiro","orcid":"https://orcid.org/0000-0002-4014-6691"},"institutions":[{"id":"https://openalex.org/I164790352","display_name":"Universidade do Estado de Santa Catarina","ror":"https://ror.org/03ztsbk67","country_code":"BR","type":"education","lineage":["https://openalex.org/I164790352"]}],"countries":["BR"],"is_corresponding":false,"raw_author_name":"Rafael R. Obelheiro","raw_affiliation_strings":["State University of Santa Catarina,Computer Science Department,Joinville,Brazil"],"affiliations":[{"raw_affiliation_string":"State University of Santa Catarina,Computer Science Department,Joinville,Brazil","institution_ids":["https://openalex.org/I164790352"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5049431434","display_name":"Carlos Maziero","orcid":"https://orcid.org/0000-0003-2592-3664"},"institutions":[{"id":"https://openalex.org/I59606676","display_name":"Universidade Federal do Par\u00e1","ror":"https://ror.org/03q9sr818","country_code":"BR","type":"education","lineage":["https://openalex.org/I59606676"]}],"countries":["BR"],"is_corresponding":false,"raw_author_name":"Carlos A. Maziero","raw_affiliation_strings":["Federal University of Paraná,Informatics Department,Paran\u00e1,Brazil"],"affiliations":[{"raw_affiliation_string":"Federal University of Paraná,Informatics Department,Paran\u00e1,Brazil","institution_ids":["https://openalex.org/I59606676"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":6,"corresponding_author_ids":["https://openalex.org/A5107662939"],"corresponding_institution_ids":["https://openalex.org/I59606676"],"apc_list":null,"apc_paid":null,"fwci":0.7305,"has_fulltext":false,"cited_by_count":2,"citation_normalized_percentile":{"value":0.7371927,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":95,"max":96},"biblio":{"volume":null,"issue":null,"first_page":"1","last_page":"6"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T12127","display_name":"Software System Performance and Reliability","score":0.9790999889373779,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T12127","display_name":"Software System Performance and Reliability","score":0.9790999889373779,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11719","display_name":"Data Quality and Management","score":0.9786999821662903,"subfield":{"id":"https://openalex.org/subfields/1803","display_name":"Management Science and Operations Research"},"field":{"id":"https://openalex.org/fields/18","display_name":"Decision Sciences"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}},{"id":"https://openalex.org/T10317","display_name":"Advanced Database Systems and Queries","score":0.9761999845504761,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/anomaly-detection","display_name":"Anomaly detection","score":0.6131123304367065},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.560531735420227},{"id":"https://openalex.org/keywords/anomaly","display_name":"Anomaly (physics)","score":0.5348590612411499},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.27572810649871826},{"id":"https://openalex.org/keywords/physics","display_name":"Physics","score":0.08816304802894592}],"concepts":[{"id":"https://openalex.org/C739882","wikidata":"https://www.wikidata.org/wiki/Q3560506","display_name":"Anomaly detection","level":2,"score":0.6131123304367065},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.560531735420227},{"id":"https://openalex.org/C12997251","wikidata":"https://www.wikidata.org/wiki/Q567560","display_name":"Anomaly (physics)","level":2,"score":0.5348590612411499},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.27572810649871826},{"id":"https://openalex.org/C121332964","wikidata":"https://www.wikidata.org/wiki/Q413","display_name":"Physics","level":0,"score":0.08816304802894592},{"id":"https://openalex.org/C26873012","wikidata":"https://www.wikidata.org/wiki/Q214781","display_name":"Condensed matter physics","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/iscc61673.2024.10733595","is_oa":false,"landing_page_url":"https://doi.org/10.1109/iscc61673.2024.10733595","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2024 IEEE Symposium on Computers and Communications (ISCC)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"display_name":"Life below water","score":0.5299999713897705,"id":"https://metadata.un.org/sdg/14"}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":30,"referenced_works":["https://openalex.org/W2051046095","https://openalex.org/W2101234009","https://openalex.org/W2111306891","https://openalex.org/W2115348994","https://openalex.org/W2122646361","https://openalex.org/W2127639920","https://openalex.org/W2133590498","https://openalex.org/W2270992672","https://openalex.org/W2278186031","https://openalex.org/W2291034565","https://openalex.org/W2900713154","https://openalex.org/W2936268283","https://openalex.org/W2955803596","https://openalex.org/W2987194787","https://openalex.org/W3032088091","https://openalex.org/W3097652319","https://openalex.org/W3136767761","https://openalex.org/W3216768217","https://openalex.org/W4200120081","https://openalex.org/W4200492453","https://openalex.org/W4224283446","https://openalex.org/W4249265596","https://openalex.org/W4280572823","https://openalex.org/W4285047792","https://openalex.org/W4285502303","https://openalex.org/W4308219550","https://openalex.org/W4378191139","https://openalex.org/W4385080305","https://openalex.org/W4392397387","https://openalex.org/W6963691520"],"related_works":["https://openalex.org/W2806741695","https://openalex.org/W4290647774","https://openalex.org/W3189286258","https://openalex.org/W3207797160","https://openalex.org/W3210364259","https://openalex.org/W4300558037","https://openalex.org/W2667207928","https://openalex.org/W2912112202","https://openalex.org/W4377864969","https://openalex.org/W2972971679"],"abstract_inverted_index":{"Intrusion":[0],"detection":[1,34,66,117,170],"in":[2,46],"virtualized":[3],"environments":[4],"is":[5,56,151],"vital":[6],"due":[7],"to":[8,32,62,125],"the":[9,26,47,82,92,127,136,156],"widespread":[10],"adoption":[11],"of":[12,91,104,129,138,158],"virtualization":[13],"technology.":[14],"A":[15],"common":[16],"strategy":[17],"for":[18,80,118,143],"achieving":[19,168],"this":[20,123],"task":[21],"involves":[22],"collecting":[23,81],"data":[24,133],"from":[25],"virtual":[27,48],"environment":[28],"and":[29,88,97,121,131,134],"providing":[30],"it":[31],"intrusion":[33,65,116],"solutions.":[35],"However,":[36],"these":[37],"solutions":[38],"can":[39,77],"be":[40,78],"affected":[41],"by":[42,86],"other":[43],"elements":[44],"present":[45],"environment.":[49],"An":[50],"approach":[51],"that":[52,149],"has":[53],"gained":[54],"prominence":[55],"applying":[57],"machine":[58],"learning":[59],"(ML)":[60],"models":[61,142],"perform":[63],"anomaly-based":[64,115],"based":[67],"on":[68,114],"system":[69,83,105,159],"call":[70,106,160],"traces.":[71],"In":[72],"Linux-based":[73],"environments,":[74],"many":[75],"tools":[76],"used":[79],"calls":[84],"issued":[85],"processes":[87],"containers;":[89],"two":[90],"most":[93],"popular":[94],"are":[95],"strace":[96,130,166],"sysdig.":[98],"This":[99],"paper":[100],"introduces":[101],"a":[102,112],"dataset":[103,124],"traces":[107,161],"collected":[108],"with":[109,111,162,172],"sysdig":[110,132,150],"focus":[113],"containerized":[119],"applications":[120],"uses":[122],"compare":[126],"effectiveness":[128],"evaluate":[135],"performance":[137,171],"five":[139],"different":[140],"ML":[141,174],"anomaly":[144],"detection.":[145],"The":[146],"results":[147],"reveal":[148],"an":[152],"attractive":[153],"option,":[154],"enabling":[155],"collection":[157],"lower":[163],"overhead":[164],"than":[165],"while":[167],"good":[169],"several":[173],"models.":[175]},"counts_by_year":[{"year":2025,"cited_by_count":2}],"updated_date":"2025-12-21T01:58:51.020947","created_date":"2025-10-10T00:00:00"}