Adaptive File Integrity Monitoring for Container Virtualization Environments using OSSEC with Real-Time Alerting
DOI: https://doi.org/10.30871/jaic.v9i5.10006
Keywords: Container, Docker, File Integrity Monitoring, OSSEC, Virtualization
Abstract
In this ever-evolving digital age, container technology has become one of the main solutions in cloud computing due to its efficiency and flexibility. However, the dynamic and ephemeral nature of containers poses new challenges in terms of security, especially regarding data integrity. The implementation of OSSEC in container environments requires a tailored approach, as it lacks native support for automatically detecting new containers. Agents must be embedded within container images or installed at the host level. These agents activate each time a container runs and send monitoring data to the OSSEC server. With orchestration and automated configuration, monitoring results are stored externally, and real-time email alerts can be triggered upon detecting suspicious file changes. Container environments are increasingly targeted by cyber threats such as malware and ransomware, which pose risks of unauthorized data access or encryption. Limited file integrity monitoring within containers creates a security gap that can be exploited undetected. This research addresses the issue by implementing a File Integrity Monitoring (FIM) mechanism using OSSEC, an open-source Host Intrusion Detection System (HIDS) capable of real-time file and log monitoring, malware detection, and automated threat response. OSSEC is deployed within a Docker-based setup and integrated with a Web User Interface for visualizing logs and monitoring activity. The system includes real-time email notifications for immediate alerts. Testing through file modification scenarios confirmed OSSEC’s accuracy in detecting changes and notifying administrators. This implementation effectively strengthens data security and provides timely threat detection in containerized environments.
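As an added illustration (not the paper's own configuration), the two halves of the setup the abstract describes could look like this in `ossec.conf`: real-time syscheck on the agent, which runs in the container image or on the Docker host, and email alerting on the OSSEC server. The monitored paths, ignored file, mail addresses and SMTP host are placeholders assumed for the example.

```xml
<!-- Added example; paths, addresses and the SMTP host are placeholders. -->

<!-- Agent side (inside the container image or on the Docker host) -->
<ossec_config>
  <syscheck>
    <!-- Scheduled full scan every 6 hours as a backstop -->
    <frequency>21600</frequency>

    <!-- Scheduled-only form: a change is noticed at the next scan, which can
         be later than the lifetime of a short-lived container:
         <directories check_all="yes">/etc,/usr/bin,/usr/sbin</directories>
    -->

    <!-- Real-time form: changes are reported as they happen -->
    <directories realtime="yes" check_all="yes" report_changes="yes">/etc</directories>
    <directories realtime="yes" check_all="yes">/usr/bin,/usr/sbin</directories>

    <!-- Files that change during normal operation -->
    <ignore>/etc/mtab</ignore>
  </syscheck>
</ossec_config>

<!-- Server side: where alerts are evaluated and mailed -->
<ossec_config>
  <global>
    <email_notification>yes</email_notification>
    <email_to>secops@example.com</email_to>
    <smtp_server>smtp.example.com</smtp_server>
    <email_from>ossec@example.com</email_from>
  </global>

  <alerts>
    <!-- Log everything from level 1; mail alerts at level 7 and above -->
    <log_alert_level>1</log_alert_level>
    <email_alert_level>7</email_alert_level>
  </alerts>
</ossec_config>
```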
License
Copyright (c) 2025 Gerry Wowiling, Eka Stephani Sinambela, Frengki Simatupang, Fabert Jody Manuel Siagian, Aisyah Ayu Sibarani, Indah Sari Batubara

This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
Authors who publish with this journal agree to the following terms:
- Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution License (Attribution-ShareAlike 4.0 International (CC BY-SA 4.0) ) that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.
- Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.
- Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work (See The Effect of Open Access).








