Container Escape Detection for Edge Devices

Pope, James; Raimondo, Francesco Di; Kumar, Dhilip; McConville, Ryan; Piechocki, Rob; Oikonomou, George; Pasquier, Thomas; Luo, Bo; Howarth, Dan; Mavromatis, Ioannis; Carnelli, Pietro; Sanchez-Mompo, Adrian; Spyridopoulos, Theodoros; Khan, Aftab

doi:10.1145/3485730.3494114

Cited by 6 publications

(5 citation statements)

References 5 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In their work, Pope et al [34] introduce a new dataset derived from the Linux Auditing System, which contains both malicious and benign examples of container activity. This dataset is the irst of its kind to focus on kernel-based container escapes and includes attacks such as denial-ofservice and privilege escalation.…”

Section: Intrusion Detectionmentioning

confidence: 99%

See 1 more Smart Citation

AI-driven container security approaches for 5G and beyond: A survey

Taha¹,

Kuru²,

Sever³

et al. 2023

ITU J-FET

View full text Add to dashboard Cite

The rising use of microservice-based software deployment on the cloud leverages containerized software extensively. The security of applications running inside containers, as well as the container environment itself, are critical for infrastructure in cloud settings and 5G. To address security concerns, research efforts have been focused on container security with subfields such as intrusion detection, malware detection and container placement strategies. These security efforts are roughly divided into two categories: rule-based approaches and machine learning that can respond to novel threats. In this study, we survey the container security literature focusing on approaches that leverage machine learning to address security challenges.

show abstract

Section: Intrusion Detectionmentioning

confidence: 99%

“…Lower true positive rates for certain attacks like Backdoor, SQL Injection, and Brute Force Login. [34] Annotated container-escape dataset and real-world edge device with simulated VM.…”

Section: Work Advantagementioning

confidence: 99%

AI-driven container security approaches for 5G and beyond: A survey

Taha¹,

Kuru²,

Sever³

et al. 2023

ITU J-FET

View full text Add to dashboard Cite

show abstract

“…A new dataset collected from the Linux Auditing System is presented by [16]. and includes instances of container activity that are both harmful and helpful.…”

Section: Literature Reviewmentioning

confidence: 99%

Container Security Intelligence: Leveraging Machine Learning for Anomaly Detection in Containerized Applications

V. Mahavaishnavi, Dr. R. Saminathan, R. Prithviraj

2023

tjjpt

View full text Add to dashboard Cite

This research explores the application of Machine Learning (ML) techniques for anomaly detection in containerized applications. The proposed approach utilizes by applying machine learning techniques for anomaly detection in containerized applications. The proposed methodology integrates container runtime metrics, system call analysis, and network traffic patterns to build a predictive model capable of identifying abnormal behavior within containers. To evaluate the effectiveness of this approach, extensive experiments were conducted using real-world containerized applications and datasets. The experiment focused on assessing the accuracy of anomaly detection and the computational efficiency of the proposed model. The results demonstrated that this approach achieved a remarkable accuracy rate of 95% in detecting anomalies, while maintaining high computational efficiency, with minimal overhead on the container runtime environment. This research contributes valuable insights into bolstering the security of containerized applications, offering practical solutions for real-world deployment scenarios. The research also evaluates the accuracy and efficiency of the proposed approach and discusses its potential impact on enhancing container security in real-world scenarios.

show abstract

“…However, this approach also has some major disadvantages. In the case of eBPF, installation of a new forwarding program is accomplished by invoking the bpf() syscall, uses of which may be monitored by a service such as auditd [31] to check for unauthorised program installations. This could be particularly problematic for an attacker without root privileges (e.g.…”

Section: B Program Injection Considerationsmentioning

confidence: 99%

Investigating the Vulnerability of Programmable Data Planes to Static Analysis-Guided Attacks

Black

Scott-Hayward

2022

2022 IEEE 8th International Conference on Network Softwarization (NetSoft)

View full text Add to dashboard Cite

Programmable network data planes are paving the way for networking innovations, with the ability to perform complex, stateful tasks defined in high-level languages such as P4. The enhanced capabilities of programmable data plane devices has made verification of their runtime behaviour, using established methods such as probe packets, impossible to scale beyond probabilistic detection. This has created a potential opportunity for an attacker, with access to a compromised device, to subtly alter its forwarding program to mishandle only a small subset of packets, evading probabilistic detection. In practice, such subtle binary instrumentation attacks require extensive knowledge of the forwarding program, yet it is unclear whether a static analysis of compiled P4 programs to obtain this knowledge can be fast and accurate enough for an on-device attack scenario. In this work, we investigate this possibility by implementing a static analysis of P4 programs compiled to BPF bytecode. This analysis gathers sufficient information for the attacker to identify appropriate (reliably correct) edits to the program. We found that, due to predictable compiler behaviours, our analysis remains accurate even when several program behaviours are abstracted away. Our evaluation of the analysis requirements shows that, from a defensive perspective, there is scope for selectively manipulating those instructions in P4-BPF programs that are critical to attack-focused analysis in order to increase its difficulty, without increasing the number of program instructions.

show abstract

Container Escape Detection for Edge Devices

Cited by 6 publications

References 5 publications

AI-driven container security approaches for 5G and beyond: A survey

AI-driven container security approaches for 5G and beyond: A survey

Container Security Intelligence: Leveraging Machine Learning for Anomaly Detection in Containerized Applications

Investigating the Vulnerability of Programmable Data Planes to Static Analysis-Guided Attacks

Contact Info

Product

Resources

About