摘要
容器技术由于其轻量级虚拟化的特点,已成为云平台中广泛使用的虚拟化技术,但它与宿主机共享内核,安全性和隔离性较差,易遭受泛洪、拒绝服务、逃逸攻击。为了有效检测容器是否遭受攻击,提出了一种基于主机系统调用频率的入侵检测方法,该方法利用不同攻击行为之间系统调用频率不同的特点,收集容器运行时产生的系统调用,结合滑动窗口和TF-IDF算法提取系统调用特征,通过对比特征相似度进行分类。通过实验验证,该方法的检测率可达97%,误报率低于4%。
Container technology has become a widely used virtualization technology in cloud platform due to its lightweight virtualization characteristics.However,it shares the kernel with the host,so it has poor security and isolation,and is vulnerable to flood,denial of service,and escape attacks.In order to effectively detect whether the container is attacked or not,an intrusion detection method based on host system call frequency was proposed.This method took advantage of the different frequency of system call between different attack behaviors,collected the system call generated when the container was running,extracted the system call features by combining the sliding window and TF-IDF algorithm,and classified by comparing the feature similarity.The experimental results show that the detection rate of this method can reach 97%,and the false alarm rate is less than 4%.
作者
季一木
杨卫东
李奎
刘尚东
刘强
邵思思
尤帅
黄乃娇
JI Yimu;YANG Weidong;LI Kui;LIU Shangdong;LIU Qiang;SHAO Sisi;YOU Shuai;HUANG Naijiao(School of Computer Science,Nanjing University of Posts and Telecommunications,Nanjing 210023,China;Nanjing Center of HPC,Nanjing 210023,China;Institute of High Performance Computing and Big Data Processing,Nanjing University of Posts and Telecommunications,Nanjing 210023,China;Research Center for High Performance Computing and Intelligent Processing Engineering,Nanjing University of Posts and Telecommunications,Nanjing 210023,China)
出处
《网络与信息安全学报》
2021年第4期18-29,共12页
Chinese Journal of Network and Information Security
基金
国家自然科学基金(62076139,61902194)
江苏省(高校)自然科学基金(BK20170900,19KJB520046,20KJA520001)
江苏省六大人才高峰项目(JY02)
之江实验室开放课题(2021KF0AB05)
南京邮电大学鼎山人才培养对象项目和南京邮电大学人才启动基金(NY219132)
江苏省研究生创新计划项目(KYCX19_0921,KYCX19_0906)。
