Enhancing Container Security Using Machine Learning Based on Kernel Tracing Logs 


Vol. 51, No. 11, pp. 947-960, Nov. 2024
DOI: 10.5626/JOK.2024.51.11.947



  Abstract

Container technology is seeing rapidly growing use as it gains attention in cloud environments. Containers are lighter and easier to deploy than virtual machines because they do not require a separate operating system. However, because containers share the same host kernel, they can be exposed to security vulnerabilities. In this paper, we designed and implemented a security system that addresses these vulnerabilities using eBPF technology, kernel tracing logs, and an ensemble machine learning model. Our system can effectively detect attacks that leverage race conditions and the heap spray technique used in kernel memory vulnerabilities. Unlike traditional security policy-based approaches, it allows rapid and dynamic responses without requiring profile creation. For detecting attacks that leverage race conditions, the system scored over 99% in Precision, Recall, and F1-Score, and it scored over 97% on all metrics for heap spray detection.




  Cite this article

[IEEE Style]

H. Shin, M. Jo, H. Yoo, Y. Lee, J. Lee, B. Tak, "Enhancing Container Security Using Machine Learning Based on Kernel Tracing Logs," Journal of KIISE, JOK, vol. 51, no. 11, pp. 947-960, 2024. DOI: 10.5626/JOK.2024.51.11.947.


[ACM Style]

Hyeonseok Shin, Minjung Jo, Hosang Yoo, Yongwon Lee, Jiyeon Lee, and Byungchul Tak. 2024. Enhancing Container Security Using Machine Learning Based on Kernel Tracing Logs. Journal of KIISE, JOK, 51, 11, (2024), 947-960. DOI: 10.5626/JOK.2024.51.11.947.


[KCI Style]

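Hyeonseok Shin, Minjung Jo, Hosang Yoo, Yongwon Lee, Jiyeon Lee, Byungchul Tak, "Enhancing Container Security Using Machine Learning Based on Kernel Tracing Logs," Journal of KIISE, Vol. 51, No. 11, pp. 947~960, 2024. DOI: 10.5626/JOK.2024.51.11.947.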









Journal of KIISE

  • ISSN : 2383-630X(Print)
  • ISSN : 2383-6296(Electronic)
  • KCI Accredited Journal

Editorial Office

  • Tel. +82-2-588-9240
  • Fax. +82-2-521-1352
  • E-mail. chwoo@kiise.or.kr