Annual Computer Security Applications Conference 2020
DOI: 10.1145/3427228.3427236
|View full text |Cite
|
Sign up to set email alerts
|

CDL: Classified Distributed Learning for Detecting Security Attacks in Containerized Applications

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
2
2
1

Citation Types

0
7
0

Year Published

2021
2021
2024
2024

Publication Types

Select...
6
1
1

Relationship

0
8

Authors

Journals

citations
Cited by 15 publications
(16 citation statements)
references
References 18 publications
0
7
0
Order By: Relevance
“…At the start of the 5th minute, the authors started the attack; some attacks caused the container to crash which ended the experiment, but for the rest, the attack completed and the experiment ran until the 7th minute. The authors compared their proposed framework against CDL [41], selfpatch, a supervised random forest approach and a supervised CNN. They used 41 real world attacks with assigned CVEs, encompassing 28 applications.…”
Section: Attack Detectionmentioning
confidence: 99%
See 1 more Smart Citation
“…At the start of the 5th minute, the authors started the attack; some attacks caused the container to crash which ended the experiment, but for the rest, the attack completed and the experiment ran until the 7th minute. The authors compared their proposed framework against CDL [41], selfpatch, a supervised random forest approach and a supervised CNN. They used 41 real world attacks with assigned CVEs, encompassing 28 applications.…”
Section: Attack Detectionmentioning
confidence: 99%
“…They used containerized applications with application vulnerabilities, not container-speci ic attacks. Lin et al [41] presented a classi ied distributed learning framework, namely CDL, to detect anomalies in containerized applications. The framework achieves anomaly detection in four major steps: system call feature extraction, application classi ication, system call data grouping, classi ied learning, and detection.…”
Section: Attack Detectionmentioning
confidence: 99%
“…Another method, called Classified Distributed Learning (CDL), which is developed by Lin et al [99], uses the machine learning algorithm to detect anomalous behaviour of the system calls and to raise an alert if it differs from the normal pattern. The system calls are collected from running containers and they are classified by application class using the random forest technique and subsequently grouped together.…”
Section: Minimise Administrative Privilegesmentioning
confidence: 99%
“…The system calls are collected from running containers and they are classified by application class using the random forest technique and subsequently grouped together. The autoencoder neural network is then used to train on the system calls data set and the model is applied to new system calls flow to detect anomalous behaviour [99]. The accuracy rate is 74% when applied to 24 commonly used applications with 33 known vulnerabilities.…”
Section: Minimise Administrative Privilegesmentioning
confidence: 99%
“…One noteworthy approach [1] utilizes the frequency of syscalls within a sliding window to define container behavior as ngram syscall sequences, and it then employs a mismatch-based threshold to detect anomalies. Another work [33] leverages machine learning techniques to model the frequency of syscalls in short time-based sequences. In a different approach, a recent work [14] combines machine learning and graph modeling to analyze the context around various syscall properties (e.g., frequency, arguments) to unveil abnormal behavior.…”
Section: Introductionmentioning
confidence: 99%