Enhancing Host Intrusion Detection Systems for Linux Based Network Operating Systems
This paper proposes an enhanced model of Host Intrusion Detection Systems (HIDS) adapted for Linux-based Network Operating Systems (NOS), specifically SONiC. The SONiC architecture has been analyzed to identify intrusion-sensitive components, including telemetry data, container logs, and inter-container communications. A machine learning-based HIDS profile has been introduced to detect anomalies within containerized services and network modules. Signature-based, anomaly-based, and hybrid detection approaches have been classified with consideration of NOS-specific traits.
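As an added illustration of the anomaly-based profiling the abstract describes for container logs (example code, not the paper's model), the block below learns a per-container, per-severity event-rate baseline from a window of log lines and flags minutes whose rate deviates from it or that come from a container/severity pair the baseline never saw. The log format, container names and rates are constructed and simplified; they are not real SONiC output.

```python
import re
from collections import Counter, defaultdict
from statistics import mean, pstdev

# Constructed, simplified line format: "<epoch_seconds> <container> <severity> <message>"
LINE_RE = re.compile(r"^(\d+) (\S+) (\w+) (.*)$")

def make_lines(start, minutes, rates):
    """Build deterministic sample lines; rates maps (container, severity) -> events per minute."""
    return [f"{start + m * 60 + i} {ctr} {sev} event {i} from {ctr}"
            for m in range(minutes) for (ctr, sev), n in rates.items() for i in range(n)]

BASELINE_RATES = {("swss", "INFO"): 5, ("syncd", "INFO"): 3, ("bgp", "NOTICE"): 1}
BASELINE = make_lines(1_700_000_000, 10, BASELINE_RATES)        # ten quiet minutes
# Observed minute: a 6x burst of swss INFO lines plus ERR lines from bgp, never seen in baseline.
OBSERVED = make_lines(1_700_000_600, 1,
                      {**BASELINE_RATES, ("swss", "INFO"): 30, ("bgp", "ERR"): 9})

def bucket_counts(lines):
    """Count events per (minute bucket, container, severity); unparsable lines are skipped."""
    counts = Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            ts, ctr, sev, _ = m.groups()
            counts[(int(ts) // 60, ctr, sev)] += 1
    return counts

def build_profile(lines):
    """Mean and population std of events/minute for each (container, severity) in the baseline."""
    counts = bucket_counts(lines)
    minutes = {b for b, _, _ in counts}
    keys = {(c, s) for _, c, s in counts}
    per_key = defaultdict(list)
    for b in minutes:
        for ctr, sev in keys:
            per_key[(ctr, sev)].append(counts.get((b, ctr, sev), 0))
    return {k: (mean(v), pstdev(v)) for k, v in per_key.items()}

def detect(lines, profile, threshold=3.0, std_floor=1.0):
    """Return (container, severity, minute, count, z) alerts; z is None for unseen pairs."""
    alerts = []
    for (b, ctr, sev), n in sorted(bucket_counts(lines).items()):
        if (ctr, sev) not in profile:
            alerts.append((ctr, sev, b, n, None))   # new container/severity: always surface
            continue
        mu, sigma = profile[(ctr, sev)]
        z = (n - mu) / max(sigma, std_floor)        # floor avoids division by a zero std
        if abs(z) >= threshold:
            alerts.append((ctr, sev, b, n, round(z, 2)))
    return alerts
```

Running `detect(OBSERVED, build_profile(BASELINE))` yields one alert for the unseen `bgp ERR` pair and one for the `swss INFO` burst (z = 25.0), while the unchanged `syncd` and `bgp NOTICE` rates stay silent.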