Enhancing Kubernetes security with machine learning: a proactive approach to anomaly detection
Kubernetes has become a cornerstone of modern software development enabling scalable and efficient deployment of microservices. However, this scalability comes with significant security challenges, particularly in detecting specific attack types within dynamic and ephemeral environments. This study...
| Published in: | Nauchno-tekhnicheskiĭ vestnik informat͡s︡ionnykh tekhnologiĭ, mekhaniki i optiki Vol. 24; No. 6; pp. 1007 - 1015 |
|---|---|
| Main Authors: | Darwesh, G.; Hammoud, J.; Vorobeva, A.A. |
| Format: | Journal Article |
| Language: | English |
| Published: | ITMO University, 01.12.2024 |
| Subjects: | |
| ISSN: | 2226-1494, 2500-0373 |
| Online Access: | Full text |
| Abstract | Kubernetes has become a cornerstone of modern software development enabling scalable and efficient deployment of microservices. However, this scalability comes with significant security challenges, particularly in detecting specific attack types within dynamic and ephemeral environments. This study presents a focused application of Machine Learning (ML) techniques to enhance security in Kubernetes by detecting Denial of Service (DoS) attacks and differentiating between DoS attacks, resource overload caused by attacks, and natural resource overloads. We developed a custom monitoring agent that collects telemetry data from various sources, including real-world workloads, actual attack scenarios, simulated hacking attempts, and induced overloading on containers and pods, ensuring comprehensive coverage. The dataset comprising these diverse sources was meticulously labeled and preprocessed, including normalization and temporal analysis. We employed and evaluated various ML classifiers, with Random Forest and AdaBoost emerging as the top performers, achieving F1 macro scores of 0.9990 ± 0.0006 and 0.9990 ± 0.0003, respectively. The novelty of our approach lies in its ability to accurately distinguish between different types of resource overloads and provide robust detection of DoS attacks within Kubernetes environments. These models demonstrated a high degree of accuracy in detecting security incidents, significantly reducing false positives and false negatives. Our findings highlight the potential of ML models to provide a targeted, proactive security framework for Kubernetes, offering robust protection against specific attack vectors while maintaining system reliability. |
|---|---|
| Author | Hammoud, J. Darwesh, G. Vorobeva, A.A. |
| Author_xml | – sequence: 1 givenname: G. orcidid: 0000-0003-1116-9410 surname: Darwesh fullname: Darwesh, G. – sequence: 2 givenname: J. orcidid: 0000-0002-2033-0838 surname: Hammoud fullname: Hammoud, J. – sequence: 3 givenname: A.A. orcidid: 0000-0001-6691-6167 surname: Vorobeva fullname: Vorobeva, A.A. |
| ContentType | Journal Article |
| DBID | AAYXX CITATION DOA |
| DOI | 10.17586/2226-1494-2024-24-6-1007-1015 |
| DatabaseName | CrossRef DOAJ Directory of Open Access Journals |
| DatabaseTitle | CrossRef |
| DatabaseTitleList | |
| Database_xml | – sequence: 1 dbid: DOA name: DOAJ Directory of Open Access Journals url: https://www.doaj.org/ sourceTypes: Open Website |
| DeliveryMethod | fulltext_linktorsrc |
| Discipline | Engineering |
| EISSN | 2500-0373 |
| EndPage | 1015 |
| ISSN | 2226-1494 |
| IngestDate | Mon Nov 03 22:07:14 EST 2025 Sat Nov 29 03:57:46 EST 2025 |
| IsDoiOpenAccess | true |
| IsOpenAccess | true |
| IsPeerReviewed | true |
| IsScholarly | true |
| Issue | 6 |
| Language | English |
| LinkModel | DirectLink |
| ORCID | 0000-0001-6691-6167 0000-0003-1116-9410 0000-0002-2033-0838 |
| OpenAccessLink | https://doaj.org/article/185be16a6f87441f9583591e26b624fa |
| PageCount | 9 |
| PublicationCentury | 2000 |
| PublicationDate | 2024-12-01 |
| PublicationDateYYYYMMDD | 2024-12-01 |
| PublicationDate_xml | – month: 12 year: 2024 text: 2024-12-01 day: 01 |
| PublicationDecade | 2020 |
| PublicationTitle | Nauchno-tekhnicheskiĭ vestnik informat͡s︡ionnykh tekhnologiĭ, mekhaniki i optiki |
| PublicationYear | 2024 |
| Publisher | ITMO University |
| Publisher_xml | – name: ITMO University |
| StartPage | 1007 |
| SubjectTerms | Kubernetes security; cybersecurity; containerization; machine learning; microservices; anomaly detection; real-time threat detection; telemetry data |
| Title | Enhancing Kubernetes security with machine learning: a proactive approach to anomaly detection |
| URI | https://doaj.org/article/185be16a6f87441f9583591e26b624fa |
| Volume | 24 |