Intrusion Detection System in Docker Swarm

Authors

  • Anukool Srivastava, A. Shanthini, V. S. Divyanand, Satendra Sharma, Chitresh Garg

Abstract

The proposed idea is to build a fully functional Intrusion Detection System (IDS). The application will detect three classes of attack:

  • Denial of Service
  • Remote to Local attack (privilege escalation)
  • Probing attack (illegal information gathering)

The system will analyse the packets sent at the TCP/IP layer, the HTTP layer and other network layers. Based on the analysis of the packets sent by the host to the server, the IDS will identify the attack vectors and malicious packets. The whole system will then be packaged as a Docker image and hosted on the AWS (Amazon Web Services) platform. DevOps technology is applied to provide a Continuous Integration and Continuous Deployment (CI/CD) pipeline for the services. Many replicas of the IDS service can run side by side, and the failure of one replica will not affect the server, because Docker Swarm will instantly rebuild a new IDS service by pulling the Docker image. This keeps the system running 24x7 with zero downtime.
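The replica-and-rebuild behaviour the abstract relies on is expressed in Docker Swarm through the `deploy` section of a stack file. The following stack file is an added illustration and is not the authors' own configuration; the image name, the overlay network name and the added capabilities are assumptions (an IDS that captures raw packets typically needs `NET_RAW`, and `cap_add` on swarm services requires Docker Engine 20.10 or later).

```yaml
# docker-stack.yml: added example of a replicated IDS service in Docker Swarm.
# Not the paper's file; image, network and capabilities are placeholders.
version: "3.8"

services:
  ids:
    image: registry.example.com/ids:latest   # placeholder: the IDS image built by the CI/CD pipeline
    deploy:
      mode: replicated
      replicas: 3                    # several IDS replicas run side by side
      restart_policy:
        condition: on-failure        # a crashed replica is recreated from the image
        delay: 5s                    # wait between restart attempts (max_attempts unset = retry forever)
      update_config:
        parallelism: 1               # rolling update from the pipeline, one replica at a time
        order: start-first           # start the new replica before stopping the old one
        failure_action: rollback     # roll back automatically if the new image fails
    cap_add:                         # assumption: needed for raw packet capture inside the container
      - NET_RAW
      - NET_ADMIN
    networks:
      - ids_net

networks:
  ids_net:
    driver: overlay                  # placeholder overlay network shared with the monitored server
```

Deploy it with `docker stack deploy -c docker-stack.yml ids` and watch `docker service ps ids_ids`: when a replica's task exits, Swarm schedules a replacement from the same image without operator action, which is the zero-downtime property the abstract describes. One design point the abstract leaves open is traffic visibility: a replica behind the Swarm routing mesh only sees the connections routed to it, so where the IDS sits relative to the traffic it must inspect (inline proxy, port mirror, or host-network sensor) determines how much of the host-to-server traffic each replica can actually analyse.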

Published

2020-03-31

Issue

Section

Articles