Abstract: | In the current era, in which microservice architecture is prevalent, containerized applications face unprecedented security challenges. This research proposes a container security solution that detects anomalies in the behavior of microservice containers by monitoring and analyzing their system call sequences. To achieve this goal, we created a new dataset, named CCoED, specifically designed to collect the behavior of containers running under a microservice architecture. The framework of the proposed solution consists of several core components: a system call monitor, a database and dashboard, a parser, and an anomaly detection model. Within it, we focus on machine learning techniques, specifically unsupervised learning with autoencoders, to improve the detection of attacks that exploit unknown vulnerabilities. The solution also takes full advantage of containerization itself, so that it remains simple, scalable, easy to adopt, and highly automated. Our evaluation methodology focuses on two metrics: the false alarm rate and the average detection time. Experimental results show that attack detection performance meets expectations for most containers. However, for one subset of containers the detection time is longer, ranging between 200 and 300 seconds. We hypothesize that the intrinsic complexity of the exploited vulnerabilities is the main factor influencing detection time. In summary, the findings of this research provide important guidance for enhancing container security and will contribute to further work in the field of microservice security. |
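The pipeline sketched in the abstract (monitor output, parser, per-window syscall features, an autoencoder trained on normal behavior, alarms on high reconstruction error, and the two evaluation metrics) can be illustrated end to end in a small script. The example below is added here and is not the thesis's code, nor the CCoED dataset: the log format, the synthetic request pattern, the reverse-shell attack, the window width, the bigram-with-OOV-bucket features, the three-unit autoencoder and the "3 x maximum training error" threshold are all assumptions made for the illustration.

```python
"""Syscall-sequence anomaly detection for containers with a small autoencoder.

Added example (pure Python, no third-party packages). Everything below is
constructed for illustration: the monitor line format, the traces, the feature
encoding, the model and the alarm threshold are assumptions, not the thesis's
implementation or data.
"""
import math
import random

OOV = ("<oov>", "<oov>")  # bucket for syscall bigrams never seen in training

# Constructed behavior patterns (assumed, not taken from CCoED).
REQUEST = ["accept4", "read", "stat", "openat", "read", "write", "close", "write", "close"]
EXPLOIT = ["openat", "read", "execve", "setuid", "socket", "connect", "dup2", "dup2"]
SHELL = ["read", "execve", "wait4", "write"]  # one reverse-shell command round-trip


def synth_normal(container, start, n_requests, seed):
    """Render constructed monitor lines '<seconds> <container> <syscall>':
    one request per second, with an extra read() on ~30% of requests so that
    normal windows vary instead of being identical."""
    rng = random.Random(seed)
    lines = []
    for i in range(n_requests):
        seq = list(REQUEST)
        if rng.random() < 0.3:
            seq.insert(2, "read")
        t = start + i
        lines += [f"{t + j * 0.01:.3f} {container} {sc}" for j, sc in enumerate(seq)]
    return lines


def synth_attack(container, start, n_rounds):
    """Exploit burst at `start`, then a shell command loop every 0.5 s (constructed)."""
    lines = [f"{start + j * 0.01:.3f} {container} {sc}" for j, sc in enumerate(EXPLOIT)]
    for r in range(n_rounds):
        t = start + 0.1 + r * 0.5
        lines += [f"{t + j * 0.01:.3f} {container} {sc}" for j, sc in enumerate(SHELL)]
    return lines


def parse_events(lines):
    """Parser component: text lines -> (time, container, syscall), time-ordered."""
    events = []
    for line in lines:
        ts, cid, sc = line.split()
        events.append((float(ts), cid, sc))
    return sorted(events)


def windows(events, container, width):
    """Fixed-width time windows of one container's syscalls: [(window_end, [names])]."""
    buckets = {}
    for t, cid, sc in events:
        if cid == container:
            buckets.setdefault(int(t // width), []).append(sc)
    return [((k + 1) * width, seq) for k, seq in sorted(buckets.items())]


def build_vocab(seqs):
    """Index every bigram seen in normal training windows, plus one OOV slot."""
    vocab = {}
    for seq in seqs:
        for bg in zip(seq, seq[1:]):
            vocab.setdefault(bg, len(vocab))
    vocab[OOV] = len(vocab)
    return vocab


def vectorize(seq, vocab):
    """Bigram-frequency vector; every unseen bigram lands in the OOV slot, which is
    always zero for normal data and therefore cheap for the model to reconstruct."""
    v = [0.0] * len(vocab)
    bgs = list(zip(seq, seq[1:]))
    for bg in bgs:
        v[vocab.get(bg, vocab[OOV])] += 1.0
    n = max(len(bgs), 1)
    return [x / n for x in v]


class Autoencoder:
    """Sigmoid encoder, linear decoder, trained by per-sample gradient descent on MSE."""

    def __init__(self, dim, hidden, seed=0):
        rng = random.Random(seed)
        self.w1 = [[rng.uniform(-0.5, 0.5) for _ in range(dim)] for _ in range(hidden)]
        self.b1 = [0.0] * hidden
        self.w2 = [[rng.uniform(-0.5, 0.5) for _ in range(hidden)] for _ in range(dim)]
        self.b2 = [0.0] * dim

    def _forward(self, x):
        h = [1.0 / (1.0 + math.exp(-(sum(w * xi for w, xi in zip(row, x)) + b)))
             for row, b in zip(self.w1, self.b1)]
        y = [sum(w * hi for w, hi in zip(row, h)) + b for row, b in zip(self.w2, self.b2)]
        return h, y

    def error(self, x):
        """Reconstruction MSE: the anomaly score for one window."""
        _, y = self._forward(x)
        return sum((yi - xi) ** 2 for yi, xi in zip(y, x)) / len(x)

    def fit(self, xs, epochs=500, lr=0.5):
        for _ in range(epochs):
            for x in xs:
                h, y = self._forward(x)
                dy = [2.0 * (yi - xi) / len(x) for yi, xi in zip(y, x)]      # dL/dy
                dh = [sum(self.w2[i][j] * dy[i] for i in range(len(dy))) for j in range(len(h))]
                for i in range(len(dy)):                                      # decoder step
                    for j in range(len(h)):
                        self.w2[i][j] -= lr * dy[i] * h[j]
                    self.b2[i] -= lr * dy[i]
                dz = [dh[j] * h[j] * (1.0 - h[j]) for j in range(len(h))]     # through sigmoid
                for j in range(len(h)):                                       # encoder step
                    for i in range(len(x)):
                        self.w1[j][i] -= lr * dz[j] * x[i]
                    self.b1[j] -= lr * dz[j]


def run_pipeline(width=10.0):
    """Train on one clean container, measure false alarms on a second clean container
    and detection time on a third that is compromised at t_attack."""
    t_attack = 203.4
    train = parse_events(synth_normal("web-1", 0, 300, seed=1))
    clean = parse_events(synth_normal("web-2", 0, 200, seed=2))
    hacked = parse_events(synth_normal("web-3", 0, 300, seed=3)
                          + synth_attack("web-3", t_attack, 190))

    train_w = windows(train, "web-1", width)
    vocab = build_vocab([s for _, s in train_w])
    xs = [vectorize(s, vocab) for _, s in train_w]
    model = Autoencoder(len(vocab), hidden=3)
    model.fit(xs)
    threshold = 3.0 * max(model.error(x) for x in xs)  # assumed alarm rule

    def flags(evts, cid):
        return [(end, model.error(vectorize(s, vocab)) > threshold)
                for end, s in windows(evts, cid, width)]

    clean_flags = flags(clean, "web-2")
    far = sum(1 for _, f in clean_flags if f) / len(clean_flags)
    hits = [end for end, f in flags(hacked, "web-3") if f and end > t_attack]
    detection_time = hits[0] - t_attack if hits else None
    return {"threshold": threshold, "false_alarm_rate": far, "detection_time": detection_time}


if __name__ == "__main__":
    print(run_pipeline())
```

Detection time here is measured from the attack's first syscall to the end of the first flagged window, so it is bounded below by the window width; the abstract's 200 to 300 second outliers cannot be reproduced by this toy, but the script shows where such a delay would come from (an attack whose syscall mix stays close to the learned manifold for many windows).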