A Proactive Hybrid Approach to Securing Container Systems that Integrates Deep Kernel Monitoring with Two-Stage Machine Learning Classification

Authors

  • Nuha Omran, University of Zawiya - Faculty of Science (Author)
  • Ali Alissawi Ahmed AlQudairi, University of Zawiya - Faculty of Science (Author)

DOI:

https://doi.org/10.65405/gme4zy77

Keywords:

Container Security, eBPF, Container Escape, Two-Stage Machine Learning, Google Colab, Anomaly Detection, Cloud Computing

Abstract

With the rapid adoption of container technologies in modern cloud computing architectures, container escapes have become a serious threat: they exploit weaknesses in the isolation that containers share at the level of the operating-system kernel. Traditional detection systems usually lack kernel-level visibility, so real-time analysis of escape attempts requires monitoring the kernel itself. This paper presents a hybrid protection framework that combines kernel-level monitoring with eBPF and accelerated cloud-side analysis on Google Colab. The proposed system uses a multilayer detection mechanism: a lightweight behavioral rule layer performs initial filtering, and the events it passes are handled by a two-stage machine learning process in which an autoencoder detects anomalies and a random forest produces the final classification. In the experiments the system reached a classification accuracy of 96.8% and an F1-score of 96.3%, indicating a good balance between precision and recall, with an overall response time of 19.32 ms and CPU consumption below 4.2%. These results support the architectural separation of a low-level monitoring layer from a cloud-based analytics layer and offer a practical model for proactive defense in high-density container environments.
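The pipeline the abstract describes (a cheap behavioral rule layer in front of an anomaly stage and a final classifier), as an added example that is not code from the paper or its authors. It runs offline on a constructed stream of eBPF-style syscall events; the autoencoder and random forest are replaced by deliberately simple stand-ins that keep the same contract (a reconstruction-error scorer fitted on benign events, and a nearest-centroid classifier fitted on a handful of labelled vectors), and every event, path, feature, threshold and class label is an assumption for illustration. What it shows that the abstract does not is the division of labour between the stages: the rule layer decides only which events are worth the ML cost, and the anomaly stage then clears a routine unshare that belongs to the workload's own baseline while forwarding the escape-style writes to release_agent and /proc/self/exe to the classifier.

```python
"""Three-layer container-escape triage: cheap behavioural rules -> anomaly scoring
against a benign baseline -> final classification. Added example with constructed
events; the two ML stages are simplified stand-ins, not the paper's models."""
from dataclasses import dataclass
from math import sqrt
from statistics import mean, pvariance
from typing import Dict, List, Sequence, Tuple

# Linux capability bit numbers (from <linux/capability.h>).
CAP_SYS_MODULE, CAP_SYS_PTRACE, CAP_SYS_ADMIN = 1 << 16, 1 << 19, 1 << 21
NAMESPACE_SYSCALLS = {"mount", "unshare", "setns", "pivot_root", "ptrace",
                      "init_module", "finit_module"}
SENSITIVE_PATHS = ("/sys/fs/cgroup", "/proc/sys/", "/proc/sysrq-trigger", "/dev/mem")
SIGMA_FLOOR = 0.1  # keeps zero-variance baseline features from dividing by zero


@dataclass(frozen=True)
class Event:
    """One syscall event as an eBPF tracepoint probe could report it (constructed)."""
    pid: int
    cgroup: str          # cgroup path of the calling task; "/" means a host process
    syscall: str
    path: str = ""       # filename argument, if any
    write: bool = False  # opened with O_WRONLY/O_RDWR
    caps: int = 0        # effective capability bitmask of the task


def rule_layer(ev: Event) -> bool:
    """Stage 1: cheap, high-recall prefilter. True means 'send to the ML stages'."""
    if ev.cgroup == "/":  # host tasks are out of scope for this detector
        return False
    if ev.syscall in NAMESPACE_SYSCALLS:
        return True
    if ev.write and (ev.path.startswith(SENSITIVE_PATHS) or ev.path.endswith("release_agent")):
        return True
    # Writing to /proc/<pid>/exe is the runc overwrite pattern of CVE-2019-5736.
    return ev.write and ev.path.startswith("/proc/") and ev.path.endswith("/exe")


def features(ev: Event) -> List[float]:
    """Fixed-width behavioural vector shared by stages 2 and 3 (assumed feature set)."""
    return [
        1.0 if ev.syscall in NAMESPACE_SYSCALLS else 0.0,
        1.0 if ev.write and ev.path.startswith(SENSITIVE_PATHS) else 0.0,
        1.0 if ev.path.endswith("release_agent") else 0.0,
        1.0 if ev.path.startswith("/proc/") and ev.path.endswith("/exe") else 0.0,
        1.0 if ev.caps & CAP_SYS_ADMIN else 0.0,
        1.0 if ev.caps & (CAP_SYS_PTRACE | CAP_SYS_MODULE) else 0.0,
        float(ev.path.count("/")),  # path depth, left unscaled at this range
    ]


class BaselineAnomalyDetector:
    """Stage 2 stand-in for the autoencoder: 'reconstructs' every vector as the benign
    mean and flags a large variance-normalised reconstruction error."""
    def __init__(self, threshold: float = 3.0) -> None:
        self.threshold, self.mu, self.sigma = threshold, [], []

    def fit(self, benign: Sequence[List[float]]) -> "BaselineAnomalyDetector":
        cols = list(zip(*benign))
        self.mu = [mean(c) for c in cols]
        self.sigma = [max(sqrt(pvariance(c)), SIGMA_FLOOR) for c in cols]
        return self

    def score(self, v: List[float]) -> float:
        return sqrt(sum(((x - m) / s) ** 2 for x, m, s in zip(v, self.mu, self.sigma)))

    def is_anomaly(self, v: List[float]) -> bool:
        return self.score(v) > self.threshold


class NearestCentroidClassifier:
    """Stage 3 stand-in for the random forest: label of the closest class centroid."""
    def __init__(self, labelled: Sequence[Tuple[List[float], str]]) -> None:
        by_label: Dict[str, List[List[float]]] = {}
        for v, label in labelled:
            by_label.setdefault(label, []).append(v)
        self.centroids = {lab: [mean(c) for c in zip(*vs)] for lab, vs in by_label.items()}

    def predict(self, v: List[float]) -> str:
        dist = lambda c: sqrt(sum((a - b) ** 2 for a, b in zip(v, c)))
        return min(self.centroids, key=lambda lab: dist(self.centroids[lab]))


def run_pipeline(detector, classifier, stream: Sequence[Event]):
    """Returns per-stage counters and (pid, label, score) alerts."""
    stats = {"ingested": 0, "rule_hits": 0, "anomalies": 0}
    alerts = []
    for ev in stream:
        stats["ingested"] += 1
        if not rule_layer(ev):
            continue
        stats["rule_hits"] += 1
        v = features(ev)
        if not detector.is_anomaly(v):
            continue
        stats["anomalies"] += 1
        alerts.append((ev.pid, classifier.predict(v), round(detector.score(v), 1)))
    return stats, alerts


# Constructed benign baseline from one workload: reads, a /tmp write, an interpreter
# exec and rootless unshare calls from a build tool, all routine for this container.
BENIGN = [Event(1201, "/docker/abc", "openat", "/app/config.yaml"),
          Event(1201, "/docker/abc", "openat", "/tmp/cache.db", write=True),
          Event(1202, "/docker/abc", "execve", "/usr/bin/python3"),
          Event(1203, "/docker/abc", "openat", "/proc/self/status"),
          Event(1203, "/docker/abc", "openat", "/var/lib/app/data/shard-01"),
          Event(1204, "/docker/abc", "connect"),
          Event(1205, "/docker/abc", "unshare"),
          Event(1205, "/docker/abc", "unshare")]

# Constructed labelled vectors standing in for the classifier's training set.
LABELLED = [([0, 1, 1, 0, 1, 0, 3.0], "cgroup-release_agent-abuse"),
            ([0, 1, 1, 0, 1, 0, 4.0], "cgroup-release_agent-abuse"),
            ([0, 0, 0, 1, 0, 0, 2.0], "proc-exe-overwrite"),
            ([0, 0, 0, 1, 0, 0, 3.0], "proc-exe-overwrite"),
            ([1, 0, 0, 0, 1, 0, 0.0], "privileged-namespace-manipulation"),
            ([1, 0, 0, 0, 1, 1, 0.0], "privileged-namespace-manipulation"),
            ([0, 1, 0, 0, 0, 0, 3.0], "sensitive-host-write"),
            ([0, 1, 0, 0, 1, 0, 4.0], "sensitive-host-write")]

# Constructed live stream: normal container activity, host noise, a routine unshare,
# and three escape-style actions.
STREAM = BENIGN[:5] + [
    Event(1, "/", "openat", "/var/log/syslog", write=True, caps=CAP_SYS_ADMIN),
    Event(1206, "/docker/abc", "unshare"),
    Event(1301, "/docker/def", "openat", "/sys/fs/cgroup/release_agent", write=True, caps=CAP_SYS_ADMIN),
    Event(1302, "/docker/def", "openat", "/proc/self/exe", write=True),
    Event(1303, "/docker/ghi", "mount", caps=CAP_SYS_ADMIN)]


def demo():
    detector = BaselineAnomalyDetector().fit([features(e) for e in BENIGN])
    return run_pipeline(detector, NearestCentroidClassifier(LABELLED), STREAM)


if __name__ == "__main__":
    stats, alerts = demo()
    print(stats)
    for alert in alerts:
        print(alert)
```

In a deployment shaped like the abstract's, the rule layer would sit in or next to the eBPF probe on the node and only the feature vectors of rule hits would be shipped to the analytics side, which is what keeps host CPU cost low; the baseline must be fitted per workload, because mount or unshare is routine for some containers and an escape indicator for others, and a threshold tuned on one workload's baseline says nothing about another's.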

Published

2026-04-25

How to Cite

A Proactive Hybrid Approach to Securing Container Systems that Integrates Deep Kernel Monitoring with Two-Stage Machine Learning Classification. (2026). Journal of Comprehensive Sciences (مجلة العلوم الشاملة), 10(Supplement 39), 877-893. https://doi.org/10.65405/gme4zy77