doi: 10.17586/2226-1494-2023-23-3-538-546


A novel approach to feature collection for anomaly detection in Kubernetes environment and agent for metrics collection from Kubernetes nodes

G. Darwesh, H. Jaafar, A. A. Vorobeva


Article in English

For citation:
Darwesh G., Hammoud J., Vorobeva A.A. A novel approach to feature collection for anomaly detection in Kubernetes environment and agent for metrics collection from Kubernetes nodes. Scientific and Technical Journal of Information Technologies, Mechanics and Optics, 2023, vol. 23, no. 3, pp. 538–546. doi: 10.17586/2226-1494-2023-23-3-538-546


Abstract
Kubernetes is a widely adopted open-source platform for managing containerized workloads and deploying applications in a microservices architecture. Despite its popularity, Kubernetes has faced numerous security challenges, and deployments using Kubernetes are exposed to security risks. Current solutions for detecting anomalous behavior within a Kubernetes cluster lack real-time detection capabilities, which allows attackers to exploit vulnerabilities and damage production assets. This study addresses these security concerns by proposing a new approach to feature collection for anomaly detection in a Kubernetes environment and a novel agent that implements it. It is proposed to use metrics (related to disk usage, CPU and network) collected by node exporter (Prometheus) directly from Kubernetes nodes. The simulation was conducted in a real-world production Kubernetes environment hosted on Microsoft Azure, with results indicating the agent's success in collecting 24 security metrics in a short amount of time. These metrics can be used to create a labeled time-series dataset of anomalies produced by microservices, enabling real-time detection of attacks based on the behavior of compromised nodes within the Kubernetes cluster. The proposed approach and the developed monitoring agent can be used to generate datasets for training anomaly detection models for the Kubernetes environment, based on artificial intelligence technologies, in real-time mode. The obtained results will be useful for researchers and specialists in the field of Kubernetes cybersecurity.
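The abstract describes collecting node exporter metrics (CPU, disk, network) from Kubernetes nodes and turning them into labeled time-series rows. The following added example, which is not the authors' agent and not the paper's code, shows the core of that pipeline in Python: it parses the Prometheus text exposition format that node_exporter serves, derives per-scrape features from two consecutive scrapes (clamping counter resets to zero), and attaches a label from a list of known attack time windows. The metric names are the real node_exporter ones; the two scrapes, the 15 s interval, the feature set and the attack window are constructed for illustration and are assumptions of this example.

```python
import re
from collections import defaultdict

# One sample line of the text exposition: name{labels} value [timestamp]
SAMPLE_RE = re.compile(r'^([A-Za-z_:][A-Za-z0-9_:]*)(?:\{([^}]*)\})?\s+(\S+)')
LABEL_RE = re.compile(r'([A-Za-z_][A-Za-z0-9_]*)="((?:[^"\\]|\\.)*)"')


def parse_exposition(text):
    """Parse Prometheus text exposition into {name: [(labels, value), ...]}.
    # HELP / # TYPE comments and blank lines are skipped; a malformed line is
    ignored so one bad sample does not drop the whole scrape."""
    out = defaultdict(list)
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith('#'):
            continue
        m = SAMPLE_RE.match(line)
        if m is None:
            continue
        name, labels_raw, value = m.groups()
        try:
            out[name].append((dict(LABEL_RE.findall(labels_raw or '')), float(value)))
        except ValueError:
            continue
    return dict(out)


def _sum(metrics, name, pred=lambda labels: True):
    return sum(v for labels, v in metrics.get(name, []) if pred(labels))


def _first(metrics, name, pred=lambda labels: True):
    for labels, v in metrics.get(name, []):
        if pred(labels):
            return v
    return float('nan')


def _delta(prev, cur, name, pred=lambda labels: True):
    # Counters only grow; a negative delta means the node (or exporter) restarted.
    return max(0.0, _sum(cur, name, pred) - _sum(prev, name, pred))


def node_features(prev, cur, interval_s):
    """Derive CPU, network, disk and memory features from two consecutive scrapes."""
    not_idle = lambda l: l.get('mode') != 'idle'
    not_lo = lambda l: l.get('device') != 'lo'
    root = lambda l: l.get('mountpoint') == '/'
    cpu_total = _delta(prev, cur, 'node_cpu_seconds_total')
    cpu_busy = _delta(prev, cur, 'node_cpu_seconds_total', not_idle)
    return {
        'cpu_util': cpu_busy / cpu_total if cpu_total > 0 else 0.0,
        'net_rx_bytes_per_s': _delta(prev, cur, 'node_network_receive_bytes_total', not_lo) / interval_s,
        'net_tx_bytes_per_s': _delta(prev, cur, 'node_network_transmit_bytes_total', not_lo) / interval_s,
        'root_fs_used_ratio': 1.0 - _first(cur, 'node_filesystem_avail_bytes', root)
                                   / _first(cur, 'node_filesystem_size_bytes', root),
        'mem_used_ratio': 1.0 - _first(cur, 'node_memory_MemAvailable_bytes')
                               / _first(cur, 'node_memory_MemTotal_bytes'),
    }


def label_row(features, ts, attack_windows):
    """Attach label 1 if the scrape time falls inside a known attack window, else 0."""
    row = dict(features)
    row['ts'] = ts
    row['label'] = int(any(start <= ts < end for start, end in attack_windows))
    return row


# Constructed scrapes (not real node output), 15 s apart, two CPUs.
SCRAPE_T0 = """
# HELP node_cpu_seconds_total Seconds the CPUs spent in each mode.
# TYPE node_cpu_seconds_total counter
node_cpu_seconds_total{cpu="0",mode="idle"} 1000
node_cpu_seconds_total{cpu="0",mode="user"} 100
node_cpu_seconds_total{cpu="0",mode="system"} 50
node_cpu_seconds_total{cpu="1",mode="idle"} 1100
node_cpu_seconds_total{cpu="1",mode="user"} 80
node_cpu_seconds_total{cpu="1",mode="system"} 20
node_network_receive_bytes_total{device="lo"} 5000
node_network_receive_bytes_total{device="eth0"} 100000
node_network_transmit_bytes_total{device="lo"} 5000
node_network_transmit_bytes_total{device="eth0"} 40000
node_filesystem_size_bytes{device="/dev/sda1",fstype="ext4",mountpoint="/"} 1e9
node_filesystem_avail_bytes{device="/dev/sda1",fstype="ext4",mountpoint="/"} 6e8
node_memory_MemTotal_bytes 8e9
node_memory_MemAvailable_bytes 4e9
"""
SCRAPE_T1 = SCRAPE_T0.replace('"idle"} 1000', '"idle"} 1010').replace('"user"} 100', '"user"} 104') \
    .replace('"system"} 50', '"system"} 51').replace('"idle"} 1100', '"idle"} 1112') \
    .replace('"user"} 80', '"user"} 82').replace('"system"} 20', '"system"} 21') \
    .replace('"eth0"} 100000', '"eth0"} 250000').replace('"eth0"} 40000', '"eth0"} 70000') \
    .replace('"lo"} 5000', '"lo"} 9000').replace('6e8', '5.5e8').replace('4e9', '3e9')


def example_row():
    """One labeled dataset row built from the two constructed scrapes."""
    feats = node_features(parse_exposition(SCRAPE_T0), parse_exposition(SCRAPE_T1), 15.0)
    return label_row(feats, ts=1_700_000_015, attack_windows=[(1_700_000_000, 1_700_000_060)])


if __name__ == '__main__':
    print(example_row())
```

In a real agent the two scrapes come from `GET http://<node>:9100/metrics` on each node at a fixed interval, and the rows are appended per node to the time-series dataset; the attack windows are whatever the experimenter recorded while running the simulated attacks, which is what makes the dataset labeled.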

Keywords: Kubernetes, security, Kubernetes monitoring, attack detection, anomaly detection



This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License