{"title":"容器化应用的无监督自省","authors":"Pinchen Cui, D. Umphress","doi":"10.1145/3442520.3442530","DOIUrl":null,"url":null,"abstract":"Container (or containerization) as one of the new concepts of virtualization, has attracted increasing attention and occupied a considerable amount of market size owing to the inherent lightweight characteristic. However, the lightweight advantage is achieved at the price of the security. Attacks against weak isolation of the container have been reported, and the use of a shared kernel is another targeted vulnerable point. This work aims to provide secure monitoring of containerized applications, which can help i) the infrastructure owner to ensure the running application is harmless, ii) the application owner to detect anomalous behaviors. We propose to use unsupervised introspection tools to perform the non-intrusive monitoring, which leverages the system call traces to classify the anomalies. Since the traditional dataset used for anomaly detection either only focus on network traces or limited to few attributes of system calls, we crafted and collected various normal and abnormal behaviors of a containerized application, and an optimized and open-source system call based dataset has been built. Unsupervised machine learning classifiers are trained over the proposed dataset, a comprehensive case study has been performed and analyzed. The results show the feasibility of unsupervised introspection of containerized applications.","PeriodicalId":340416,"journal":{"name":"Proceedings of the 2020 10th International Conference on Communication and Network Security","volume":"6 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2020-11-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"4","resultStr":"{\"title\":\"Towards Unsupervised Introspection of Containerized Application\",\"authors\":\"Pinchen Cui, D. Umphress\",\"doi\":\"10.1145/3442520.3442530\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Container (or containerization) as one of the new concepts of virtualization, has attracted increasing attention and occupied a considerable amount of market size owing to the inherent lightweight characteristic. However, the lightweight advantage is achieved at the price of the security. Attacks against weak isolation of the container have been reported, and the use of a shared kernel is another targeted vulnerable point. This work aims to provide secure monitoring of containerized applications, which can help i) the infrastructure owner to ensure the running application is harmless, ii) the application owner to detect anomalous behaviors. We propose to use unsupervised introspection tools to perform the non-intrusive monitoring, which leverages the system call traces to classify the anomalies. Since the traditional dataset used for anomaly detection either only focus on network traces or limited to few attributes of system calls, we crafted and collected various normal and abnormal behaviors of a containerized application, and an optimized and open-source system call based dataset has been built. Unsupervised machine learning classifiers are trained over the proposed dataset, a comprehensive case study has been performed and analyzed. The results show the feasibility of unsupervised introspection of containerized applications.\",\"PeriodicalId\":340416,\"journal\":{\"name\":\"Proceedings of the 2020 10th International Conference on Communication and Network Security\",\"volume\":\"6 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2020-11-27\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"4\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Proceedings of the 2020 10th International Conference on Communication and Network Security\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1145/3442520.3442530\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 2020 10th International Conference on Communication and Network Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3442520.3442530","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Towards Unsupervised Introspection of Containerized Application
Container (or containerization) as one of the new concepts of virtualization, has attracted increasing attention and occupied a considerable amount of market size owing to the inherent lightweight characteristic. However, the lightweight advantage is achieved at the price of the security. Attacks against weak isolation of the container have been reported, and the use of a shared kernel is another targeted vulnerable point. This work aims to provide secure monitoring of containerized applications, which can help i) the infrastructure owner to ensure the running application is harmless, ii) the application owner to detect anomalous behaviors. We propose to use unsupervised introspection tools to perform the non-intrusive monitoring, which leverages the system call traces to classify the anomalies. Since the traditional dataset used for anomaly detection either only focus on network traces or limited to few attributes of system calls, we crafted and collected various normal and abnormal behaviors of a containerized application, and an optimized and open-source system call based dataset has been built. Unsupervised machine learning classifiers are trained over the proposed dataset, a comprehensive case study has been performed and analyzed. The results show the feasibility of unsupervised introspection of containerized applications.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
