In EDS ansehen

Gespeichert in:

Bibliographische Detailangaben
Titel:	ÐÐ±Ð½Ð°ÑÑÐ¶ÐµÐ½Ð¸Ðµ Ð²ÑÐµÐ´Ð¾Ð½Ð¾ÑÐ½Ð¾Ð¹ Ð°ÐºÑÐ¸Ð²Ð½Ð¾ÑÑÐ¸ Ð² ÐºÐ¾Ð½Ð²ÐµÐ¹ÐµÑÐ°Ñ CI/CD Ñ Ð¸ÑÐ¿Ð¾Ð»ÑÐ·Ð¾Ð²Ð°Ð½Ð¸ÐµÐ¼ ÑÐµÑ Ð½Ð¾Ð»Ð¾Ð³Ð¸Ð¸ eBPF: Ð²ÑÐ¿ÑÑÐºÐ½Ð°Ñ ÐºÐ²Ð°Ð»Ð¸ÑÐ¸ÐºÐ°ÑÐ¸Ð¾Ð½Ð½Ð°Ñ ÑÐ°Ð±Ð¾ÑÐ° ÑÐ¿ÐµÑÐ¸Ð°Ð»Ð¸ÑÑÐ°
Verlagsinformationen:	Ð¡Ð°Ð½ÐºÑ-ÐÐµÑÐµÑÐ±ÑÑÐ³ÑÐºÐ¸Ð¹ Ð¿Ð¾Ð»Ð¸ÑÐµÑÐ½Ð¸ÑÐµÑÐºÐ¸Ð¹ ÑÐ½Ð¸Ð²ÐµÑÑÐ¸ÑÐµÑ ÐÐµÑÑÐ° ÐÐµÐ»Ð¸ÐºÐ¾Ð³Ð¾, 2025.
Publikationsjahr:	2025
Schlagwörter:	Ð²ÑÐµÐ´Ð¾Ð½Ð¾ÑÐ½Ð°Ñ Ð°ÐºÑÐ¸Ð²Ð½Ð¾ÑÑÑ, ÑÐ¸ÑÑÐµÐ¼Ð½ÑÐµ Ð²ÑÐ·Ð¾Ð²Ñ, malicious activity, ÐºÐ¾Ð½Ð²ÐµÐ¹ÐµÑÑ ci/cd, ÐºÐ¾Ð½ÑÐµÐ¹Ð½ÐµÑÐ½ÑÐµ ÑÐ¸ÑÑÐµÐ¼Ñ, syscalls, ci/cd pipelines, container systems, Ð¾Ð±Ð½Ð°ÑÑÐ¶ÐµÐ½Ð¸Ðµ Ð°Ð½Ð¾Ð¼Ð°Ð»Ð¸Ð¹, ebpf, devsecops, anomaly detection
Beschreibung:	Ð¦ÐµÐ»ÑÑ ÑÐ°Ð±Ð¾ÑÑ ÑÐ²Ð»ÑÐµÑÑÑ Ð¾Ð±Ð½Ð°ÑÑÐ¶ÐµÐ½Ð¸Ðµ Ð²ÑÐµÐ´Ð¾Ð½Ð¾ÑÐ½Ð¾Ð¹ Ð°ÐºÑÐ¸Ð²Ð½Ð¾ÑÑÐ¸ Ð² ÐºÐ¾Ð½Ð²ÐµÐ¹ÐµÑÐ°Ñ CI/CD Ð½Ð° Ð¾ÑÐ½Ð¾Ð²Ðµ Ð´Ð°Ð½Ð½ÑÑ, Ð¿Ð¾Ð»ÑÑÐ°ÐµÐ¼ÑÑ Ñ Ð¿Ð¾Ð¼Ð¾ÑÑÑ ÑÐµÑÐ½Ð¾Ð»Ð¾Ð³Ð¸Ð¸ eBPF. ÐÑÐµÐ´Ð¼ÐµÑÐ¾Ð¼ Ð¸ÑÑÐ»ÐµÐ´Ð¾Ð²Ð°Ð½Ð¸Ñ ÑÐ²Ð»ÑÑÑÑÑ ÑÐ¾Ð²ÑÐµÐ¼ÐµÐ½Ð½ÑÐµ Ð¿Ð¾Ð´ÑÐ¾Ð´Ñ Ðº Ð²ÑÑÐ²Ð»ÐµÐ½Ð¸Ñ Ð°ÑÐ°Ðº Ð¸ Ð°Ð½Ð¾Ð¼Ð°Ð»Ð¸Ð¹, Ð¿ÑÐ¾Ð¸ÑÑÐ¾Ð´ÑÑÐ¸Ñ Ð²Ð¾ Ð²ÑÐµÐ¼Ñ Ð²ÑÐ¿Ð¾Ð»Ð½ÐµÐ½Ð¸Ñ ÐºÐ¾Ð½Ð²ÐµÐ¹ÐµÑÐ° CI/CD. ÐÐ°Ð´Ð°ÑÐ¸, ÑÐµÑÐ°ÐµÐ¼ÑÐµ Ð² ÑÐ¾Ð´Ðµ Ð¸ÑÑÐ»ÐµÐ´Ð¾Ð²Ð°Ð½Ð¸Ñ: 1. ÐÐ¿ÑÐµÐ´ÐµÐ»Ð¸ÑÑ Ð²Ð¾Ð·Ð¼Ð¾Ð¶Ð½Ð¾ÑÑÐ¸ Ð½Ð°ÑÑÑÐ¸ÑÐµÐ»Ñ Ð¸ Ð°ÐºÑÑÐ°Ð»ÑÐ½ÑÐµ ÑÐ³ÑÐ¾Ð·Ñ Ð±ÐµÐ·Ð¾Ð¿Ð°ÑÐ½Ð¾ÑÑÐ¸ Ð´Ð»Ñ ÐºÐ¾Ð½Ð²ÐµÐ¹ÐµÑÐ¾Ð² CI/CD. 2. ÐÑÑÐ²Ð¸ÑÑ Ð¾Ð³ÑÐ°Ð½Ð¸ÑÐµÐ½Ð¸Ñ ÑÑÐµÐ´ÑÑÐ² Ð·Ð°ÑÐ¸ÑÑ ÐºÐ¾Ð½Ð²ÐµÐ¹ÐµÑÐ¾Ð² CI/CD Ð¸ Ð¿ÐµÑÑÐ¿ÐµÐºÑÐ¸Ð²Ð½ÑÐµ Ð¿Ð¾Ð´ÑÐ¾Ð´Ñ Ðº Ð¾Ð±Ð½Ð°ÑÑÐ¶ÐµÐ½Ð¸Ñ Ð²ÑÐµÐ´Ð¾Ð½Ð¾ÑÐ½Ð¾Ð¹ Ð°ÐºÑÐ¸Ð²Ð½Ð¾ÑÑÐ¸. 3. ÐÑÐµÐ´Ð»Ð¾Ð¶Ð¸ÑÑ ÑÐ¿Ð¾ÑÐ¾Ð± Ð¾Ð±Ð½Ð°ÑÑÐ¶ÐµÐ½Ð¸Ñ Ð²ÑÐµÐ´Ð¾Ð½Ð¾ÑÐ½Ð¾Ð¹ Ð°ÐºÑÐ¸Ð²Ð½Ð¾ÑÑÐ¸ Ð² ÐºÐ¾Ð½Ð²ÐµÐ¹ÐµÑÐ°Ñ CI/CD Ñ Ð¸ÑÐ¿Ð¾Ð»ÑÐ·Ð¾Ð²Ð°Ð½Ð¸ÐµÐ¼ ÑÐµÑÐ½Ð¾Ð»Ð¾Ð³Ð¸Ð¸ eBPF Ð¸ Ð¿Ð¾Ð²ÐµÐ´ÐµÐ½ÑÐµÑÐºÐ¾Ð³Ð¾ Ð°Ð½Ð°Ð»Ð¸Ð·Ð°. 4. Ð ÐµÐ°Ð»Ð¸Ð·Ð¾Ð²Ð°ÑÑ Ð¿ÑÐ¾Ð³ÑÐ°Ð¼Ð¼Ð½ÑÐ¹ Ð¿ÑÐ¾ÑÐ¾ÑÐ¸Ð¿ Ð¸ Ð¿ÑÐ¾Ð²ÐµÑÑÐ¸ ÑÐºÑÐ¿ÐµÑÐ¸Ð¼ÐµÐ½ÑÐ°Ð»ÑÐ½ÑÑ Ð¿ÑÐ¾Ð²ÐµÑÐºÑ Ð¿ÑÐµÐ´Ð»Ð¾Ð¶ÐµÐ½Ð½Ð¾Ð³Ð¾ ÑÐ¿Ð¾ÑÐ¾Ð±Ð°. Ð ÑÐ¾Ð´Ðµ ÑÐ°Ð±Ð¾ÑÑ Ð±ÑÐ»Ð° Ð¸ÑÑÐ»ÐµÐ´Ð¾Ð²Ð°Ð½Ð° ÑÐ¸ÑÑÐµÐ¼Ñ ÑÐ±Ð¾ÑÐºÐ¸ ÐºÐ¾Ð½Ð²ÐµÐ¹ÐµÑÐ¾Ð² CI/CD, Ð¿Ð¾ÐºÐ°Ð·Ð°Ð½Ð° Ð²Ð·Ð°Ð¸Ð¼Ð¾Ð·Ð°Ð¼ÐµÐ½ÑÐµÐ¼Ð¾ÑÑÑ ÑÐ¸ÑÑÐµÐ¼. ÐÑÐµÐ´Ð»Ð¾Ð¶ÐµÐ½Ñ ÑÐ¸Ð¿Ñ Ð½Ð°ÑÑÑÐ¸ÑÐµÐ»Ñ Ð±ÐµÐ·Ð¾Ð¿Ð°ÑÐ½Ð¾ÑÑÐ¸ Ð² ÐºÐ¾Ð½Ð²ÐµÐ¹ÐµÑÐµ CI/CD, ÑÐ¾ÑÑÐ°Ð²Ð»ÐµÐ½ ÑÐ¿Ð¸ÑÐ¾Ðº Ð°ÐºÑÑÐ°Ð»ÑÐ½ÑÑ ÑÐ³ÑÐ¾Ð·. ÐÐ¿ÑÐµÐ´ÐµÐ»ÐµÐ½Ñ Ð¾Ð³ÑÐ°Ð½Ð¸ÑÐµÐ½Ð¸Ñ ÑÑÐµÐ´ÑÑÐ² Ð·Ð°ÑÐ¸ÑÑ ÐºÐ¾Ð½Ð²ÐµÐ¹ÐµÑÐ¾Ð². Ð ÐµÐ°Ð»Ð¸Ð·Ð¾Ð²Ð°Ð½Ñ Ð°ÑÐ°ÐºÐ¸ Ð½Ð° ÐºÐ¾Ð½Ð²ÐµÐ¹ÐµÑ, ÑÐ¾Ð±ÑÐ°Ð½ Ð½Ð°Ð±Ð¾Ñ Ð´Ð°Ð½Ð½ÑÑ Ð´Ð»Ñ ÑÐµÑÑÐ¸ÑÐ¾Ð²Ð°Ð½Ð¸Ñ. Ð ÑÐµÐ·ÑÐ»ÑÑÐ°ÑÐµ ÑÐ°Ð±Ð¾ÑÑ Ð¿ÑÐµÐ´Ð»Ð¾Ð¶ÐµÐ½ ÐºÐ¾Ð¼Ð±Ð¸Ð½Ð¸ÑÐ¾Ð²Ð°Ð½Ð½ÑÐ¹ ÑÐ¿Ð¾ÑÐ¾Ð± Ð¾Ð±Ð½Ð°ÑÑÐ¶ÐµÐ½Ð¸Ñ Ð¿Ð¾ÑÐµÐ½ÑÐ¸Ð°Ð»ÑÐ½Ð¾ Ð²ÑÐµÐ´Ð¾Ð½Ð¾ÑÐ½Ð¾Ð¹ Ð°ÐºÑÐ¸Ð²Ð½Ð¾ÑÑÐ¸ Ð² ÐºÐ¾Ð½Ð²ÐµÐ¹ÐµÑÐ°Ñ. ÐÐºÑÐ¿ÐµÑÐ¸Ð¼ÐµÐ½ÑÐ°Ð»ÑÐ½Ð¾ Ð¿ÑÐ¾Ð´ÐµÐ¼Ð¾Ð½ÑÑÑÐ¸ÑÐ¾Ð²Ð°Ð½Ð° ÑÐ¾ÑÐ½Ð¾ÑÑÑ Ð¸ ÑÐ°Ð±Ð¾ÑÐ¾ÑÐ¿Ð¾ÑÐ¾Ð±Ð½Ð¾ÑÑÑ ÑÐ¿Ð¾ÑÐ¾Ð±Ð°. ÐÐ¾Ð»ÑÑÐµÐ½Ð½ÑÐµ ÑÐµÐ·ÑÐ»ÑÑÐ°ÑÑ Ð¼Ð¾Ð³ÑÑ Ð±ÑÑÑ Ð¸ÑÐ¿Ð¾Ð»ÑÐ·Ð¾Ð²Ð°Ð½Ñ Ð´Ð»Ñ Ð²Ð½ÐµÐ´ÑÐµÐ½Ð¸Ñ Ð² ÑÑÐµÐ´ÑÑÐ²Ð° Ð·Ð°ÑÐ¸ÑÑ ÑÐ±Ð¾ÑÑÐ¸ÐºÐ¾Ð² Ð¸ Ð¸ÑÑÐ»ÐµÐ´Ð¾Ð²Ð°Ð½Ð¸Ð¹ Ð² Ð¾Ð±Ð»Ð°ÑÑÐ¸ Ð±ÐµÐ·Ð¾Ð¿Ð°ÑÐ½Ð¾ÑÑÐ¸ ÐºÐ¾Ð½Ð²ÐµÐ¹ÐµÑÐ¾Ð². The purpose of the study is to detect malicious activity in CI/CD pipelines using data collected through eBPF. The subject of the work is modern approaches to detecting attacks and anomalies that occur during the execution of a CI/CD pipeline. The research sets the following goals: 1. Identify the intruders capabilities and current security threats for CI/CD pipelines. 2. Identify limitations of CI/CD pipeline protection tools and explore approaches to detecting malicious activity. 3. Development of a way to detect malicious activity in CI/CD pipelines using eBPF technology and behavioral analysis. 4. Implement a software prototype and conduct experimental testing of the proposed method. During the work CI/CD systems were investigated and the interchangeability of these systems was demonstrated. Types of security threats in the CI/CD pipeline were proposed, and a list of current threats was compiled. The limitations of existing protection tools were identified. Attacks on the pipeline were simulated, and a set of data was collected for testing purposes kernel network stack implementation and architecture were studied. The work resulted in the development of combined way for detecting potentially malicious activity in pipelines was proposed. The accuracy and operability of the way have been experimentally demonstrated. These results can be used to implement protection tools for CI systems and contribute to research in CI/CD pipelines security.
Publikationsart:	Other literature type
Sprache:	Russian
DOI:	10.18720/spbpu/3/2025/vr/vr25-43
Dokumentencode:	edsair.doi...........cdae2212769c93bd7dc40ca46c0d4090
Datenbank:	OpenAIRE

Nájsť tento článok vo Web of Science

Beschreibung
Abstract:	Ð¦ÐµÐ»ÑÑ ÑÐ°Ð±Ð¾ÑÑ ÑÐ²Ð»ÑÐµÑÑÑ Ð¾Ð±Ð½Ð°ÑÑÐ¶ÐµÐ½Ð¸Ðµ Ð²ÑÐµÐ´Ð¾Ð½Ð¾ÑÐ½Ð¾Ð¹ Ð°ÐºÑÐ¸Ð²Ð½Ð¾ÑÑÐ¸ Ð² ÐºÐ¾Ð½Ð²ÐµÐ¹ÐµÑÐ°Ñ CI/CD Ð½Ð° Ð¾ÑÐ½Ð¾Ð²Ðµ Ð´Ð°Ð½Ð½ÑÑ, Ð¿Ð¾Ð»ÑÑÐ°ÐµÐ¼ÑÑ Ñ Ð¿Ð¾Ð¼Ð¾ÑÑÑ ÑÐµÑÐ½Ð¾Ð»Ð¾Ð³Ð¸Ð¸ eBPF. ÐÑÐµÐ´Ð¼ÐµÑÐ¾Ð¼ Ð¸ÑÑÐ»ÐµÐ´Ð¾Ð²Ð°Ð½Ð¸Ñ ÑÐ²Ð»ÑÑÑÑÑ ÑÐ¾Ð²ÑÐµÐ¼ÐµÐ½Ð½ÑÐµ Ð¿Ð¾Ð´ÑÐ¾Ð´Ñ Ðº Ð²ÑÑÐ²Ð»ÐµÐ½Ð¸Ñ Ð°ÑÐ°Ðº Ð¸ Ð°Ð½Ð¾Ð¼Ð°Ð»Ð¸Ð¹, Ð¿ÑÐ¾Ð¸ÑÑÐ¾Ð´ÑÑÐ¸Ñ Ð²Ð¾ Ð²ÑÐµÐ¼Ñ Ð²ÑÐ¿Ð¾Ð»Ð½ÐµÐ½Ð¸Ñ ÐºÐ¾Ð½Ð²ÐµÐ¹ÐµÑÐ° CI/CD. ÐÐ°Ð´Ð°ÑÐ¸, ÑÐµÑÐ°ÐµÐ¼ÑÐµ Ð² ÑÐ¾Ð´Ðµ Ð¸ÑÑÐ»ÐµÐ´Ð¾Ð²Ð°Ð½Ð¸Ñ: 1. ÐÐ¿ÑÐµÐ´ÐµÐ»Ð¸ÑÑ Ð²Ð¾Ð·Ð¼Ð¾Ð¶Ð½Ð¾ÑÑÐ¸ Ð½Ð°ÑÑÑÐ¸ÑÐµÐ»Ñ Ð¸ Ð°ÐºÑÑÐ°Ð»ÑÐ½ÑÐµ ÑÐ³ÑÐ¾Ð·Ñ Ð±ÐµÐ·Ð¾Ð¿Ð°ÑÐ½Ð¾ÑÑÐ¸ Ð´Ð»Ñ ÐºÐ¾Ð½Ð²ÐµÐ¹ÐµÑÐ¾Ð² CI/CD. 2. ÐÑÑÐ²Ð¸ÑÑ Ð¾Ð³ÑÐ°Ð½Ð¸ÑÐµÐ½Ð¸Ñ ÑÑÐµÐ´ÑÑÐ² Ð·Ð°ÑÐ¸ÑÑ ÐºÐ¾Ð½Ð²ÐµÐ¹ÐµÑÐ¾Ð² CI/CD Ð¸ Ð¿ÐµÑÑÐ¿ÐµÐºÑÐ¸Ð²Ð½ÑÐµ Ð¿Ð¾Ð´ÑÐ¾Ð´Ñ Ðº Ð¾Ð±Ð½Ð°ÑÑÐ¶ÐµÐ½Ð¸Ñ Ð²ÑÐµÐ´Ð¾Ð½Ð¾ÑÐ½Ð¾Ð¹ Ð°ÐºÑÐ¸Ð²Ð½Ð¾ÑÑÐ¸. 3. ÐÑÐµÐ´Ð»Ð¾Ð¶Ð¸ÑÑ ÑÐ¿Ð¾ÑÐ¾Ð± Ð¾Ð±Ð½Ð°ÑÑÐ¶ÐµÐ½Ð¸Ñ Ð²ÑÐµÐ´Ð¾Ð½Ð¾ÑÐ½Ð¾Ð¹ Ð°ÐºÑÐ¸Ð²Ð½Ð¾ÑÑÐ¸ Ð² ÐºÐ¾Ð½Ð²ÐµÐ¹ÐµÑÐ°Ñ CI/CD Ñ Ð¸ÑÐ¿Ð¾Ð»ÑÐ·Ð¾Ð²Ð°Ð½Ð¸ÐµÐ¼ ÑÐµÑÐ½Ð¾Ð»Ð¾Ð³Ð¸Ð¸ eBPF Ð¸ Ð¿Ð¾Ð²ÐµÐ´ÐµÐ½ÑÐµÑÐºÐ¾Ð³Ð¾ Ð°Ð½Ð°Ð»Ð¸Ð·Ð°. 4. Ð ÐµÐ°Ð»Ð¸Ð·Ð¾Ð²Ð°ÑÑ Ð¿ÑÐ¾Ð³ÑÐ°Ð¼Ð¼Ð½ÑÐ¹ Ð¿ÑÐ¾ÑÐ¾ÑÐ¸Ð¿ Ð¸ Ð¿ÑÐ¾Ð²ÐµÑÑÐ¸ ÑÐºÑÐ¿ÐµÑÐ¸Ð¼ÐµÐ½ÑÐ°Ð»ÑÐ½ÑÑ Ð¿ÑÐ¾Ð²ÐµÑÐºÑ Ð¿ÑÐµÐ´Ð»Ð¾Ð¶ÐµÐ½Ð½Ð¾Ð³Ð¾ ÑÐ¿Ð¾ÑÐ¾Ð±Ð°. Ð ÑÐ¾Ð´Ðµ ÑÐ°Ð±Ð¾ÑÑ Ð±ÑÐ»Ð° Ð¸ÑÑÐ»ÐµÐ´Ð¾Ð²Ð°Ð½Ð° ÑÐ¸ÑÑÐµÐ¼Ñ ÑÐ±Ð¾ÑÐºÐ¸ ÐºÐ¾Ð½Ð²ÐµÐ¹ÐµÑÐ¾Ð² CI/CD, Ð¿Ð¾ÐºÐ°Ð·Ð°Ð½Ð° Ð²Ð·Ð°Ð¸Ð¼Ð¾Ð·Ð°Ð¼ÐµÐ½ÑÐµÐ¼Ð¾ÑÑÑ ÑÐ¸ÑÑÐµÐ¼. ÐÑÐµÐ´Ð»Ð¾Ð¶ÐµÐ½Ñ ÑÐ¸Ð¿Ñ Ð½Ð°ÑÑÑÐ¸ÑÐµÐ»Ñ Ð±ÐµÐ·Ð¾Ð¿Ð°ÑÐ½Ð¾ÑÑÐ¸ Ð² ÐºÐ¾Ð½Ð²ÐµÐ¹ÐµÑÐµ CI/CD, ÑÐ¾ÑÑÐ°Ð²Ð»ÐµÐ½ ÑÐ¿Ð¸ÑÐ¾Ðº Ð°ÐºÑÑÐ°Ð»ÑÐ½ÑÑ ÑÐ³ÑÐ¾Ð·. ÐÐ¿ÑÐµÐ´ÐµÐ»ÐµÐ½Ñ Ð¾Ð³ÑÐ°Ð½Ð¸ÑÐµÐ½Ð¸Ñ ÑÑÐµÐ´ÑÑÐ² Ð·Ð°ÑÐ¸ÑÑ ÐºÐ¾Ð½Ð²ÐµÐ¹ÐµÑÐ¾Ð². Ð ÐµÐ°Ð»Ð¸Ð·Ð¾Ð²Ð°Ð½Ñ Ð°ÑÐ°ÐºÐ¸ Ð½Ð° ÐºÐ¾Ð½Ð²ÐµÐ¹ÐµÑ, ÑÐ¾Ð±ÑÐ°Ð½ Ð½Ð°Ð±Ð¾Ñ Ð´Ð°Ð½Ð½ÑÑ Ð´Ð»Ñ ÑÐµÑÑÐ¸ÑÐ¾Ð²Ð°Ð½Ð¸Ñ. Ð ÑÐµÐ·ÑÐ»ÑÑÐ°ÑÐµ ÑÐ°Ð±Ð¾ÑÑ Ð¿ÑÐµÐ´Ð»Ð¾Ð¶ÐµÐ½ ÐºÐ¾Ð¼Ð±Ð¸Ð½Ð¸ÑÐ¾Ð²Ð°Ð½Ð½ÑÐ¹ ÑÐ¿Ð¾ÑÐ¾Ð± Ð¾Ð±Ð½Ð°ÑÑÐ¶ÐµÐ½Ð¸Ñ Ð¿Ð¾ÑÐµÐ½ÑÐ¸Ð°Ð»ÑÐ½Ð¾ Ð²ÑÐµÐ´Ð¾Ð½Ð¾ÑÐ½Ð¾Ð¹ Ð°ÐºÑÐ¸Ð²Ð½Ð¾ÑÑÐ¸ Ð² ÐºÐ¾Ð½Ð²ÐµÐ¹ÐµÑÐ°Ñ. ÐÐºÑÐ¿ÐµÑÐ¸Ð¼ÐµÐ½ÑÐ°Ð»ÑÐ½Ð¾ Ð¿ÑÐ¾Ð´ÐµÐ¼Ð¾Ð½ÑÑÑÐ¸ÑÐ¾Ð²Ð°Ð½Ð° ÑÐ¾ÑÐ½Ð¾ÑÑÑ Ð¸ ÑÐ°Ð±Ð¾ÑÐ¾ÑÐ¿Ð¾ÑÐ¾Ð±Ð½Ð¾ÑÑÑ ÑÐ¿Ð¾ÑÐ¾Ð±Ð°. ÐÐ¾Ð»ÑÑÐµÐ½Ð½ÑÐµ ÑÐµÐ·ÑÐ»ÑÑÐ°ÑÑ Ð¼Ð¾Ð³ÑÑ Ð±ÑÑÑ Ð¸ÑÐ¿Ð¾Ð»ÑÐ·Ð¾Ð²Ð°Ð½Ñ Ð´Ð»Ñ Ð²Ð½ÐµÐ´ÑÐµÐ½Ð¸Ñ Ð² ÑÑÐµÐ´ÑÑÐ²Ð° Ð·Ð°ÑÐ¸ÑÑ ÑÐ±Ð¾ÑÑÐ¸ÐºÐ¾Ð² Ð¸ Ð¸ÑÑÐ»ÐµÐ´Ð¾Ð²Ð°Ð½Ð¸Ð¹ Ð² Ð¾Ð±Ð»Ð°ÑÑÐ¸ Ð±ÐµÐ·Ð¾Ð¿Ð°ÑÐ½Ð¾ÑÑÐ¸ ÐºÐ¾Ð½Ð²ÐµÐ¹ÐµÑÐ¾Ð².<br />The purpose of the study is to detect malicious activity in CI/CD pipelines using data collected through eBPF. The subject of the work is modern approaches to detecting attacks and anomalies that occur during the execution of a CI/CD pipeline. The research sets the following goals: 1. Identify the intruders capabilities and current security threats for CI/CD pipelines. 2. Identify limitations of CI/CD pipeline protection tools and explore approaches to detecting malicious activity. 3. Development of a way to detect malicious activity in CI/CD pipelines using eBPF technology and behavioral analysis. 4. Implement a software prototype and conduct experimental testing of the proposed method. During the work CI/CD systems were investigated and the interchangeability of these systems was demonstrated. Types of security threats in the CI/CD pipeline were proposed, and a list of current threats was compiled. The limitations of existing protection tools were identified. Attacks on the pipeline were simulated, and a set of data was collected for testing purposes kernel network stack implementation and architecture were studied. The work resulted in the development of combined way for detecting potentially malicious activity in pipelines was proposed. The accuracy and operability of the way have been experimentally demonstrated. These results can be used to implement protection tools for CI systems and contribute to research in CI/CD pipelines security.
DOI:	10.18720/spbpu/3/2025/vr/vr25-43