Title: Resilient intrusion detection system for cloud containers

Authors: Amr S. Abed; Mohamed Azab; Charles Clancy; Mona S. Kashkoush

Addresses: Department of Electrical and Computer Engineering, Virginia Tech, Blacksburg, VA, USA; Informatics Research Institute, The City of Scientific Research and Technological Applications, Alexandria, Egypt; Hume Center for National Security and Technology, Virginia Tech, Arlington, VA, USA; Informatics Research Institute, The City of Scientific Research and Technological Applications, Alexandria, Egypt

Abstract: The lightweight virtualisation and isolated execution offered by Linux containers qualify them to be the dominant virtualisation platform for cloud-based applications. The fact that Linux containers run on the same host while sharing the same kernel opens the door for new attacks. However, limited research has been conducted in the area of securing cloud containers. This paper presents a resilient intrusion detection and resolution system for cloud-based containers. The system relies on two main pillars: a real-time smart behaviour monitoring mechanism to detect maliciously behaving containers, and a moving-target defence approach that applies runtime container migration to quarantine such containers and to minimise attack dispersion. To avoid zero-day targeted attacks, the system also induces random live migrations between running containers to obfuscate its execution behaviour. Such obfuscation makes it harder for attackers to execute their targeted attacks. The system was tested with a big-data application using a container-based Apache Hadoop cluster to demonstrate the system's ability to automatically deploy, monitor, detect, and respond to maliciously behaving applications by live migration or by rolling back the container to a safe state. Results showed that the proposed system efficiently ensures safe and secure container operation.
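The abstract describes the first pillar only at a high level: a behaviour monitor that flags a container whose runtime behaviour drifts from its learnt profile, and a response step that quarantines it by migration or rollback. The following is an added illustration, not code from the paper or its authors. It assumes, as a constructed simplification the page does not state, that a container's behaviour is profiled as the frequency distribution of the system calls it issues in a time window, that a baseline is learnt from early trusted windows, and that a window is judged malicious when its Hellinger distance from the baseline exceeds a threshold. The syscall traces, the threshold value and the action labels are all constructed for the example.

```python
"""Added illustration of container behaviour monitoring and response.

Assumptions (not stated on the page): a container is profiled by the
relative frequency of the system calls it issues in a window; the baseline
is the average profile of early trusted windows; a window is flagged when
its Hellinger distance from the baseline exceeds a constructed threshold.
"""
from collections import Counter
from math import sqrt

# Constructed sample windows of syscall names (not real captures).
BASELINE_WINDOWS = [
    ["read", "write", "read", "mmap", "read", "write", "futex", "read"],
    ["read", "read", "write", "mmap", "futex", "read", "write", "read"],
    ["read", "write", "read", "futex", "read", "mmap", "write", "read"],
]
# A later window that matches the learnt profile.
NORMAL_WINDOW = ["read", "read", "write", "mmap", "read", "futex", "write", "read"]
# A later window in which the container suddenly forks, execs and connects out.
DRIFTED_WINDOW = ["execve", "fork", "execve", "connect", "fork", "read", "write", "execve"]


def to_distribution(window):
    """Normalise one syscall window to relative frequencies."""
    counts = Counter(window)
    total = sum(counts.values())
    return {name: n / total for name, n in counts.items()}


def build_baseline(windows):
    """Average the distributions of trusted windows into a single profile."""
    dists = [to_distribution(w) for w in windows]
    names = set().union(*dists)
    return {name: sum(d.get(name, 0.0) for d in dists) / len(dists) for name in names}


def hellinger(p, q):
    """Hellinger distance in [0, 1]: 0 for identical, 1 for disjoint support."""
    names = set(p) | set(q)
    total = sum((sqrt(p.get(n, 0.0)) - sqrt(q.get(n, 0.0))) ** 2 for n in names)
    return sqrt(total) / sqrt(2)


def classify(baseline, window, threshold=0.3):
    """Return (distance, verdict) for one observed window; threshold is constructed."""
    dist = hellinger(baseline, to_distribution(window))
    return dist, "malicious" if dist > threshold else "normal"


def respond(verdict):
    """Map a verdict to a response action (hypothetical labels for the
    quarantine-by-migration step the abstract describes)."""
    return "quarantine-migrate" if verdict == "malicious" else "keep-running"


if __name__ == "__main__":
    base = build_baseline(BASELINE_WINDOWS)
    for label, win in (("normal", NORMAL_WINDOW), ("drifted", DRIFTED_WINDOW)):
        d, v = classify(base, win)
        print(f"{label}: distance={d:.3f} verdict={v} action={respond(v)}")
```

The drifted window scores well above the threshold because most of its mass sits on syscalls the baseline never saw, while the matching window scores zero; in a real deployment the threshold would be tuned against the false-positive cost of an unnecessary migration.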

Keywords: cloud security; intrusion detection; behaviour modelling; resilience; Linux container; moving-target defence; MTD.

DOI: 10.1504/IJCNDS.2020.103857

International Journal of Communication Networks and Distributed Systems, 2020 Vol.24 No.1, pp.1 - 22

Received: 12 Dec 2017
Accepted: 19 Apr 2018

Published online: 02 Dec 2019
