Self-Supervised Machine Learning Framework for Online Container Security Attack Detection

IF 2.2, Zone 4 (Computer Science), Q3 (COMPUTER SCIENCE, ARTIFICIAL INTELLIGENCE)
Olufogorehan Tunde-Onadele, Yuhang Lin, Xiaohui Gu, Jingzhu He, Hugo Latapie
DOI: 10.1145/3665795 (https://doi.org/10.1145/3665795)
Journal: ACM Transactions on Autonomous and Adaptive Systems
Publication date: 2024-05-28
Publication type: Journal Article
Citations: 0

Abstract


Container security has received much research attention recently. Previous work has proposed to apply various machine learning techniques to detect security attacks in containerized applications. On one hand, supervised machine learning schemes require sufficient labeled training data to achieve good attack detection accuracy. On the other hand, unsupervised machine learning methods are more practical by avoiding training data labeling requirements, but they often suffer from high false alarm rates. In this paper, we present a generic self-supervised hybrid learning (SHIL) framework for achieving efficient online security attack detection in containerized systems. SHIL can effectively combine both unsupervised and supervised learning algorithms but does not require any manual data labeling. We have implemented a prototype of SHIL and conducted experiments over 46 real world security attacks in 29 commonly used server applications. Our experimental results show that SHIL can reduce false alarms by 33-93% compared to existing supervised, unsupervised, or semi-supervised machine learning schemes while achieving a higher or similar detection rate.

Source journal
ACM Transactions on Autonomous and Adaptive Systems (Engineering & Technology, Computer Science: Theory & Methods)
CiteScore: 4.80
Self-citation rate: 7.40%
Articles published: 9
Review time: >12 weeks
Journal description: TAAS addresses research on autonomous and adaptive systems being undertaken by an increasingly interdisciplinary research community - and provides a common platform under which this work can be published and disseminated. TAAS encourages contributions aimed at supporting the understanding, development, and control of such systems and of their behaviors. Contributions are expected to be based on sound and innovative theoretical models, algorithms, engineering and programming techniques, infrastructures and systems, or technological and application experiences.