doi: 10.17586/2226-1494-2023-23-3-538-546
A novel approach to feature collection for anomaly detection in Kubernetes environment and agent for metrics collection from Kubernetes nodes
Article in English
For citation:
Darwesh G., Hammoud J., Vorobeva A.A. A novel approach to feature collection for anomaly detection in Kubernetes environment and agent for metrics collection from Kubernetes nodes. Scientific and Technical Journal of Information Technologies, Mechanics and Optics, 2023, vol. 23, no. 3, pp. 538–546. doi: 10.17586/2226-1494-2023-23-3-538-546
Abstract
Kubernetes is a widely adopted open-source platform for managing containerized workloads and deploying applications in a microservices architecture. Despite its popularity, Kubernetes has faced numerous security challenges, and deployments that use it are vulnerable to security risks. Current solutions for detecting anomalous behavior within a Kubernetes cluster lack real-time detection capabilities, which allows attackers to exploit vulnerabilities and cause damage to production assets. This study aims to address these security concerns by proposing a new approach to feature collection for anomaly detection in the Kubernetes environment, together with a novel agent that implements it. It is proposed to use metrics (related to disk usage, CPU and network) collected by node exporter (Prometheus) directly from Kubernetes nodes. The simulation was conducted in a real-world production Kubernetes environment hosted on Microsoft Azure, with results indicating the agent's success in collecting 24 security metrics in a short amount of time. These metrics can be used to create a labeled time-series dataset of anomalies produced by microservices, enabling real-time detection of attacks based on the behavior of compromised nodes within the Kubernetes cluster. The proposed approach and the developed monitoring agent can be used to generate, in real time, datasets for training anomaly detection models for the Kubernetes environment based on artificial intelligence technologies. The obtained results will be useful for researchers and specialists in the field of Kubernetes cybersecurity.
Keywords: Kubernetes, security, Kubernetes monitoring, attack detection, anomalies detection
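The collection step described in the abstract can be sketched as follows. This is an added example, not the authors' agent: it parses two node exporter scrapes in the Prometheus text format and turns counter deltas into one labeled feature row. The three metrics chosen, the `feature_row` layout and the sample values are assumptions made for illustration, not the paper's 24 metrics.

```python
import re

# Constructed sample: two node exporter scrapes taken 15 s apart (invented values).
SCRAPE_T0 = """\
# TYPE node_cpu_seconds_total counter
node_cpu_seconds_total{cpu="0",mode="idle"} 1000.0
node_cpu_seconds_total{cpu="0",mode="user"} 200.0
node_network_receive_bytes_total{device="eth0"} 5.0e+06
node_disk_written_bytes_total{device="sda"} 1.0e+06
"""
SCRAPE_T1 = """\
node_cpu_seconds_total{cpu="0",mode="idle"} 1003.0
node_cpu_seconds_total{cpu="0",mode="user"} 212.0
node_network_receive_bytes_total{device="eth0"} 8.0e+06
node_disk_written_bytes_total{device="sda"} 1.3e+06
"""

LINE = re.compile(r'^([a-zA-Z_:][a-zA-Z0-9_:]*)(?:\{(.*)\})?\s+(\S+)')
LABEL = re.compile(r'(\w+)="((?:[^"\\]|\\.)*)"')

def parse(text):
    """Parse exposition text into {(metric name, sorted label pairs): value}."""
    samples = {}
    for line in text.splitlines():
        m = LINE.match(line)          # '#' comment lines and blanks do not match
        if m:
            name, labels, value = m.groups()
            key = (name, tuple(sorted(LABEL.findall(labels or ""))))
            samples[key] = float(value)
    return samples

def rate(prev, cur, name, dt, **want):
    """Per-second increase of a counter, summed over series matching `want`."""
    total = 0.0
    for (n, labels), v in cur.items():
        if n != name or not set(want.items()) <= set(labels):
            continue
        old = prev.get((n, labels))
        if old is not None:
            # A drop means the counter was reset (e.g. node reboot): count from 0.
            total += v if v < old else v - old
    return total / dt

def feature_row(prev_text, cur_text, dt, label):
    """One row of the time-series dataset; `label` marks normal vs. attack."""
    prev, cur = parse(prev_text), parse(cur_text)
    return {
        "cpu_user_rate": rate(prev, cur, "node_cpu_seconds_total", dt, mode="user"),
        "net_rx_bytes_per_s": rate(prev, cur, "node_network_receive_bytes_total", dt),
        "disk_write_bytes_per_s": rate(prev, cur, "node_disk_written_bytes_total", dt),
        "label": label,
    }
```

Rates rather than raw counter values are used because node exporter counters only ever grow, so the raw value reflects uptime more than current behavior.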