容器安全中IDS方法的实证分析

2022 International Workshop on Secure and Reliable Microservices and Containers (SRMC) Pub Date : 2022-09-01 DOI:10.1109/SRMC57347.2022.00007

Yigit Sever, Goktug Ekinci, Adnan Harun Dogan, Bugra Alparslan, Abdurrahman Said Gurbuz, Vahab Jabrayilov, Pelin Angin

{"title":"容器安全中IDS方法的实证分析","authors":"Yigit Sever, Goktug Ekinci, Adnan Harun Dogan, Bugra Alparslan, Abdurrahman Said Gurbuz, Vahab Jabrayilov, Pelin Angin","doi":"10.1109/SRMC57347.2022.00007","DOIUrl":null,"url":null,"abstract":"Microservices architecture has been praised as a lightweight, modular and robust alternative to monolithic software in recent years with software containerization bringing parallel ideas to the table against bare metal and even virtual machine based software deployment solutions. While containers provide support for agile software development in the cloud, they suffer from security issues due to their lightweight structure not providing isolation as strong as that of virtual machines. This calls for the development of robust intrusion detection systems (IDS) for containers, taking into account their specific vulnerabilities. Existing IDS for containerized software deployments have mainly used host-based syscall monitoring, with only a few utilizing network-based monitoring without justification for the particular sensor used. In this paper, we aim to close this research gap by empirically evaluating the performances of system call and network flow based features in machine learning-based intrusion detection for containers when subjected to the same attacks. Our results show that basing the IDS on the network layer exhibits better performance than the host-based IDS for the investigated vulnerabilities, demonstrating the need for network monitoring for enhanced container security.","PeriodicalId":205724,"journal":{"name":"2022 International Workshop on Secure and Reliable Microservices and Containers (SRMC)","volume":"45 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2022-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":"{\"title\":\"An Empirical Analysis of IDS Approaches in Container Security\",\"authors\":\"Yigit Sever, Goktug Ekinci, Adnan Harun Dogan, Bugra Alparslan, Abdurrahman Said Gurbuz, Vahab Jabrayilov, Pelin Angin\",\"doi\":\"10.1109/SRMC57347.2022.00007\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Microservices architecture has been praised as a lightweight, modular and robust alternative to monolithic software in recent years with software containerization bringing parallel ideas to the table against bare metal and even virtual machine based software deployment solutions. While containers provide support for agile software development in the cloud, they suffer from security issues due to their lightweight structure not providing isolation as strong as that of virtual machines. This calls for the development of robust intrusion detection systems (IDS) for containers, taking into account their specific vulnerabilities. Existing IDS for containerized software deployments have mainly used host-based syscall monitoring, with only a few utilizing network-based monitoring without justification for the particular sensor used. In this paper, we aim to close this research gap by empirically evaluating the performances of system call and network flow based features in machine learning-based intrusion detection for containers when subjected to the same attacks. Our results show that basing the IDS on the network layer exhibits better performance than the host-based IDS for the investigated vulnerabilities, demonstrating the need for network monitoring for enhanced container security.\",\"PeriodicalId\":205724,\"journal\":{\"name\":\"2022 International Workshop on Secure and Reliable Microservices and Containers (SRMC)\",\"volume\":\"45 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2022-09-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"1\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2022 International Workshop on Secure and Reliable Microservices and Containers (SRMC)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/SRMC57347.2022.00007\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2022 International Workshop on Secure and Reliable Microservices and Containers (SRMC)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/SRMC57347.2022.00007","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 1

摘要

近年来，随着软件容器化带来了与裸机甚至基于虚拟机的软件部署解决方案并行的思想，微服务架构被誉为轻量级、模块化和健壮的单片软件替代品。虽然容器为云中的敏捷软件开发提供了支持，但由于其轻量级结构不能提供像虚拟机那样强大的隔离性，因此存在安全问题。这就要求为容器开发健壮的入侵检测系统(IDS)，并考虑到容器的特定漏洞。用于容器化软件部署的现有IDS主要使用基于主机的系统调用监视，只有少数使用基于网络的监视，而没有使用特定传感器的理由。在本文中，我们的目标是通过经验评估系统调用和基于网络流的特征在受到相同攻击时基于机器学习的容器入侵检测中的性能来缩小这一研究差距。我们的研究结果表明，对于所调查的漏洞，基于网络层的IDS比基于主机的IDS表现出更好的性能，这表明需要进行网络监控以增强容器安全性。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

An Empirical Analysis of IDS Approaches in Container Security

Microservices architecture has been praised as a lightweight, modular and robust alternative to monolithic software in recent years with software containerization bringing parallel ideas to the table against bare metal and even virtual machine based software deployment solutions. While containers provide support for agile software development in the cloud, they suffer from security issues due to their lightweight structure not providing isolation as strong as that of virtual machines. This calls for the development of robust intrusion detection systems (IDS) for containers, taking into account their specific vulnerabilities. Existing IDS for containerized software deployments have mainly used host-based syscall monitoring, with only a few utilizing network-based monitoring without justification for the particular sensor used. In this paper, we aim to close this research gap by empirically evaluating the performances of system call and network flow based features in machine learning-based intrusion detection for containers when subjected to the same attacks. Our results show that basing the IDS on the network layer exhibits better performance than the host-based IDS for the investigated vulnerabilities, demonstrating the need for network monitoring for enhanced container security.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2022 International Workshop on Secure and Reliable Microservices and Containers (SRMC)

自引率

0.00%

发文量