Enhancing Kubernetes security with machine learning: a proactive approach to anomaly detection

Bibliographic details
Published in: Nauchno-tekhnicheskiĭ vestnik informatsionnykh tekhnologiĭ, mekhaniki i optiki, Volume 24, Issue 6, pp. 1007-1015
Main authors: Darwesh, G., Hammoud, J., Vorobeva, A.A.
Format: Journal Article
Language: English
Published: ITMO University, 01.12.2024
ISSN: 2226-1494, 2500-0373
Description
Summary: Kubernetes has become a cornerstone of modern software development, enabling scalable and efficient deployment of microservices. However, this scalability brings significant security challenges, particularly in detecting specific attack types within dynamic and ephemeral environments. This study presents a focused application of Machine Learning (ML) techniques to enhance Kubernetes security by detecting Denial of Service (DoS) attacks and differentiating between DoS attacks, resource overload caused by attacks, and natural resource overloads. We developed a custom monitoring agent that collects telemetry data from various sources, including real-world workloads, actual attack scenarios, simulated hacking attempts, and induced overloading of containers and pods, to ensure comprehensive coverage. The dataset compiled from these diverse sources was meticulously labeled and preprocessed, including normalization and temporal analysis. We employed and evaluated various ML classifiers, with Random Forest and AdaBoost emerging as the top performers, achieving F1 macro scores of 0.9990 ± 0.0006 and 0.9990 ± 0.0003, respectively. The novelty of our approach lies in its ability to accurately distinguish between different types of resource overload and to provide robust detection of DoS attacks within Kubernetes environments. These models demonstrated a high degree of accuracy in detecting security incidents, significantly reducing false positives and false negatives. Our findings highlight the potential of ML models to provide a targeted, proactive security framework for Kubernetes, offering robust protection against specific attack vectors while maintaining system reliability.
DOI: 10.17586/2226-1494-2024-24-6-1007-1015