KubAnomaly: Anomaly detection for the Docker orchestration platform with neural network approaches

Kubernetes, which is the most popular orchestration platform for Docker containers, is used widely for developing microservices and automating Docker instance life cycle administration. Because of advancements in containerization technology, a single server can run multiple services and use hardware...


Bibliographic Details
Main Authors: Chin‐Wei Tien, Tse‐Yung Huang, Chia‐Wei Tien, Ting‐Chun Huang, Sy‐Yen Kuo
Format: Article
Language: English
Published: Wiley 2019-12-01
Series: Engineering Reports
Online Access: https://doi.org/10.1002/eng2.12080
Author affiliations:
Chin‐Wei Tien, Tse‐Yung Huang, Chia‐Wei Tien, Ting‐Chun Huang: Cybersecurity Technology Institute, Institute for Information Industry, Taipei, Taiwan, ROC
Sy‐Yen Kuo: Department of Electrical Engineering, National Taiwan University, Taipei, Taiwan, ROC
ISSN: 2577-8196
Volume 1, Issue 5
Description: Kubernetes, which is the most popular orchestration platform for Docker containers, is used widely for developing microservices and automating Docker instance life cycle administration. Because of advancements in containerization technology, a single server can run multiple services and use hardware resources more efficiently. However, containerized environments also bring new challenges in terms of complete monitoring and security provision. Thus, hackers can exploit the security vulnerabilities of containers to gain remote control permissions and cause extensive damage to company assets. Therefore, in this study, we propose KubAnomaly, a system that provides security monitoring capabilities for anomaly detection on the Kubernetes orchestration platform. We develop a container monitoring module for Kubernetes and implement neural network approaches to create classification models that strengthen its ability to find abnormal behaviors such as web service attacks and common vulnerabilities and exposures attacks. We use three types of datasets to evaluate our system, including privately collected and publicly available datasets as well as real‐world experiment data. Furthermore, we demonstrate the effectiveness of KubAnomaly by comparing its accuracy with that of other machine learning algorithms. KubAnomaly is shown to achieve an overall accuracy of up to 96% for anomaly detection. It successfully identifies four real attacks carried out by hackers in September 2018. Moreover, its performance overhead is only 5% greater than that of current methods. In summary, KubAnomaly significantly improves container security by avoiding anomaly attacks.
Topics: anomaly detection, cloud security, container orchestration, container security, machine learning, neural network