On Detecting Malicious Code Injection by Monitoring Multi-Level Container Activities
Md. Bhuiyan, Souvik Das, Shafayat Majumder, Suryadipta Majumdar, Md. Hossain
2024
Abstract
In recent years, cloud-native applications have been widely hosted and managed in containerized environments due to their unique benefits, such as being lightweight, portable, and cost-efficient. Their growing popularity makes them a common subject of cyberthreats, as evidenced by recent attacks. Many of those attacks take place due to malicious code injection to breach systems and steal sensitive data from a containerized environment. However, existing solutions fail to classify malicious code injection attacks that impact multiple levels (e.g., application and orchestrator). In this paper, we fill in this gap and propose a multi-level monitoring-based approach where we monitor container activities at both the system call level and the container orchestrator (e.g., Kubernetes) level. Specifically, our approach can distinguish between the expected and unexpected behavior of a container from various system call characteristics (e.g., sequence, frequency, etc.) along with the activities through event logs at the orchestrator level to detect malicious code injection attacks. We implement our approach for Kubernetes, a major container orchestrator, and evaluate it against various attack paths outlined by the Cloud Native Computing Foundation (CNCF), an open-source foundation for cloud native computing.
DownloadPaper Citation
in Harvard Style
Bhuiyan M., Das S., Majumder S., Majumdar S. and Hossain M. (2024). On Detecting Malicious Code Injection by Monitoring Multi-Level Container Activities. In Proceedings of the 14th International Conference on Cloud Computing and Services Science - Volume 1: CLOSER; ISBN 978-989-758-701-6, SciTePress, pages 15-26. DOI: 10.5220/0012509400003711
in Bibtex Style
@conference{closer24,
author={Md. Bhuiyan and Souvik Das and Shafayat Majumder and Suryadipta Majumdar and Md. Hossain},
title={On Detecting Malicious Code Injection by Monitoring Multi-Level Container Activities},
booktitle={Proceedings of the 14th International Conference on Cloud Computing and Services Science - Volume 1: CLOSER},
year={2024},
pages={15-26},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0012509400003711},
isbn={978-989-758-701-6},
}
in EndNote Style
TY - CONF
JO - Proceedings of the 14th International Conference on Cloud Computing and Services Science - Volume 1: CLOSER
TI - On Detecting Malicious Code Injection by Monitoring Multi-Level Container Activities
SN - 978-989-758-701-6
AU - Bhuiyan M.
AU - Das S.
AU - Majumder S.
AU - Majumdar S.
AU - Hossain M.
PY - 2024
SP - 15
EP - 26
DO - 10.5220/0012509400003711
PB - SciTePress