Enhancing Host Intrusion Detection Systems for Linux Based Network Operating Systems

2025, pp. 54-58
1 Lviv Polytechnic National University, Computer Engineering Department
2 Lviv Polytechnic National University, Ukraine

This paper proposes an enhanced model of Host Intrusion Detection Systems (HIDS) adapted for Linux-based Network Operating Systems (NOS), specifically SONiC. The SONiC architecture has been analyzed to identify intrusion-sensitive components, including telemetry data, container logs, and inter-container communications. A machine learning-based HIDS profile has been introduced to detect anomalies within containerized services and network modules. Signature-based, anomaly-based, and hybrid detection approaches have been classified with NOS-specific traits taken into account. The proposed solution integrates external threat intelligence and adversarial modeling to improve detection accuracy. Results confirm the effectiveness of the method in securing cloud-scale networks powered by open-source NOS platforms.
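The abstract distinguishes signature-based, anomaly-based and hybrid detection over SONiC container logs. The following Python example, added here and not code from the paper, shows the shape of such a hybrid HIDS profile: a small set of signature rules is applied to every line, and a per-container log-rate baseline learned from a clean window flags containers whose behaviour deviates from it. The container names swss, syncd and bgp are real SONiC containers, but the line format ("<unix-ts> <container> <message>"), the rules and every log line are constructed for this illustration.

```python
"""Hybrid (signature + anomaly) detection over SONiC-style container logs.

Added illustration, not the paper's code. The line format, the signature
rules and all sample log lines are constructed assumptions.
"""
import re
import statistics
from collections import Counter, defaultdict
from dataclasses import dataclass

# Assumed format for this example: "<unix-ts> <container> <message>"
LINE_RE = re.compile(r"^(\d+)\s+(\S+)\s+(.*)$")

# Signature rules: patterns a HIDS flags regardless of any learned baseline.
SIGNATURES = {
    "shell_spawn_in_container": re.compile(r"exec(?:ve)?\(.*?/bin/(?:ba)?sh"),
    "root_session": re.compile(r"session opened for user root", re.I),
    "auth_failure": re.compile(r"authentication failure|Failed password", re.I),
}


@dataclass
class Alert:
    kind: str        # "signature" or "anomaly"
    container: str
    detail: str


def parse(line):
    """Return (timestamp, container, message) or None for unparseable lines."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts, container, msg = m.groups()
    return int(ts), container, msg


def signature_scan(lines):
    """Signature component: one alert per (line, rule) match."""
    alerts = []
    for line in lines:
        parsed = parse(line)
        if parsed is None:
            continue
        _, container, msg = parsed
        for name, pat in SIGNATURES.items():
            if pat.search(msg):
                alerts.append(Alert("signature", container, name))
    return alerts


def rate_profile(lines, window=60):
    """Per-container count of log lines in each fixed window of `window` seconds."""
    counts = defaultdict(Counter)
    for line in lines:
        parsed = parse(line)
        if parsed is None:
            continue
        ts, container, _ = parsed
        counts[container][ts // window] += 1
    return counts


def build_baseline(train_lines, window=60):
    """Anomaly component, training step: mean/stddev of per-window rate per container."""
    baseline = {}
    for container, per_window in rate_profile(train_lines, window).items():
        values = list(per_window.values())
        mean = statistics.fmean(values)
        std = statistics.pstdev(values) if len(values) > 1 else 0.0
        baseline[container] = (mean, std)
    return baseline


def anomaly_scan(lines, baseline, window=60, z=3.0):
    """Anomaly component: z-score of each window's rate against the baseline."""
    alerts = []
    for container, per_window in rate_profile(lines, window).items():
        if container not in baseline:
            alerts.append(Alert("anomaly", container, "container absent from baseline"))
            continue
        mean, std = baseline[container]
        spread = max(std, 1.0)  # flat baselines would otherwise make any change infinite
        for w, count in per_window.items():
            score = (count - mean) / spread
            if score > z:
                alerts.append(Alert("anomaly", container, f"window {w}: {count} lines, z={score:.1f}"))
    return alerts


def hybrid_scan(lines, baseline, window=60, z=3.0):
    """Hybrid profile: union of signature hits and rate anomalies."""
    return signature_scan(lines) + anomaly_scan(lines, baseline, window, z)


def _constructed_lines(window_count, per_window):
    """Build constructed sample data; per_window = {container: (lines_per_window, msg)}."""
    lines = []
    for w in range(window_count):
        for container, (n, msg) in per_window.items():
            for i in range(n):
                lines.append(f"{w * 60 + i} {container} {msg}")
    return lines


# Constructed clean training window: steady rates for three SONiC containers.
TRAIN_LINES = _constructed_lines(10, {
    "swss": (5, "orchagent: route add 10.0.0.0/24 via 10.0.1.1"),
    "syncd": (4, "syncd: SAI notification: port state up"),
    "bgp": (3, "bgpd: neighbor 10.0.1.1 state Established"),
})
BASELINE = build_baseline(TRAIN_LINES)

# Constructed evaluation window: a shell spawn in syncd, a bgp flap storm,
# and a container that never appeared during training.
TEST_LINES = _constructed_lines(1, {
    "swss": (5, "orchagent: route add 10.0.0.0/24 via 10.0.1.1"),
    "syncd": (3, "syncd: SAI notification: port state up"),
    "bgp": (20, "bgpd: neighbor 10.0.1.1 state Idle (hold timer expired)"),
}) + [
    "30 syncd audit: execve(/bin/sh) by pid 4242 inside container",
    "31 unknown-svc started",
]

if __name__ == "__main__":
    for a in hybrid_scan(TEST_LINES, BASELINE):
        print(f"[{a.kind}] {a.container}: {a.detail}")
```

The signature path catches the shell spawn in syncd, the rate baseline catches the bgp flood and the container missing from training, and swss, which behaves as it did during training, produces nothing. On a real switch the baseline would be learned per container from the log stream the HIDS already collects, and the z threshold tuned against normal reconvergence events so that routine BGP churn does not alert.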
