Enhancing host intrusion detection systems for Linux based network operating systems

Bohdan Havano, Andriy Dobush

2025 · DOI: 10.23939/acps2025.01.054
Advances in Cyber-Physical Systems · 0 Citations

TLDR

This paper proposes an enhanced model of Host Intrusion Detection Systems (HIDS) adapted for Linux-based Network Operating Systems (NOS), specifically SONiC, which has integrated external threat intelligence and adversarial modeling to improve detection accuracy.

Abstract

This paper proposes an enhanced model of Host Intrusion Detection Systems (HIDS) adapted for Linux-based Network Operating Systems (NOS), specifically SONiC. The SONiC architecture is analyzed to identify intrusion-sensitive components, including telemetry data, container logs, and inter-container communications. A machine learning-based HIDS profile is introduced to detect anomalies within containerized services and network modules. Signature-based, anomaly-based, and hybrid detection approaches are classified with consideration of NOS-specific traits. The proposed solution integrates external threat intelligence and adversarial modeling to improve detection accuracy. Results confirm the effectiveness of the method in securing cloud-scale networks powered by open-source NOS platforms.