On Detecting Malicious Code Injection by Monitoring Multi-Level Container Activities

Md. Bhuiyan, Souvik Das, Shafayat Majumder, Suryadipta Majumdar, Md. Hossain

2024

Abstract

In recent years, cloud-native applications have been widely hosted and managed in containerized environments because of their unique benefits, such as being lightweight, portable, and cost-efficient. Their growing popularity makes them a common target of cyber threats, as recent attacks show. Many of those attacks rely on malicious code injection to breach systems and steal sensitive data from a containerized environment. However, existing solutions fail to classify malicious code injection attacks that impact multiple levels (e.g., the application and the orchestrator). In this paper, we fill this gap and propose a multi-level monitoring-based approach in which we monitor container activities at both the system call level and the container orchestrator (e.g., Kubernetes) level. Specifically, our approach distinguishes between the expected and unexpected behavior of a container from various system call characteristics (e.g., sequence and frequency), combined with the activities recorded in event logs at the orchestrator level, to detect malicious code injection attacks. We implement our approach for Kubernetes, a major container orchestrator, and evaluate it against various attack paths outlined by the Cloud Native Computing Foundation (CNCF), an open-source foundation for cloud native computing.
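The abstract describes two signals that are combined: a system-call-level profile of a container (sequence and frequency characteristics) and orchestrator-level event logs. The following Python sketch is an added illustration of that combination, written for this page; it is not the authors' implementation, and its thresholds, the n-gram sequence model, the Kubernetes audit-log fields it inspects (`verb`, `objectRef.resource`, `objectRef.subresource`), and all traces and events are constructed assumptions chosen to make the two levels visible side by side.

```python
"""Toy multi-level detector: per-container syscall profile + Kubernetes audit events.

Constructed example for illustration only; not the paper's code.
Level 1 (system calls): a baseline of benign traces yields a set of known
    syscall n-grams (sequence) and a syscall distribution (frequency).
Level 2 (orchestrator): Kubernetes audit-log entries are scanned for
    `pods/exec` requests, which often accompany an injected payload.
A container is escalated to "alert" only when both levels agree.
"""
from collections import Counter
from typing import Dict, Iterable, List, Sequence, Tuple

NGRAM = 3

def ngrams(trace: Sequence[str], n: int = NGRAM) -> List[Tuple[str, ...]]:
    """Sliding-window syscall sequences of length n."""
    return [tuple(trace[i:i + n]) for i in range(len(trace) - n + 1)]

class SyscallProfile:
    """Baseline of expected container behaviour learned from benign traces."""

    def __init__(self, n: int = NGRAM) -> None:
        self.n = n
        self.known: set = set()      # n-grams seen during training (sequence model)
        self.freq: Counter = Counter()  # syscall counts (frequency model)
        self.total = 0

    def train(self, traces: Iterable[Sequence[str]]) -> None:
        for trace in traces:
            self.known.update(ngrams(trace, self.n))
            self.freq.update(trace)
            self.total += len(trace)

    def novelty(self, trace: Sequence[str]) -> float:
        """Fraction of the trace's n-grams never observed in the baseline."""
        grams = ngrams(trace, self.n)
        if not grams:
            return 0.0
        unseen = sum(1 for g in grams if g not in self.known)
        return unseen / len(grams)

    def freq_shift(self, trace: Sequence[str]) -> float:
        """Total-variation distance between baseline and trace syscall distributions (0..1)."""
        counts = Counter(trace)
        n = len(trace) or 1
        names = set(self.freq) | set(counts)
        return sum(abs(self.freq[s] / self.total - counts[s] / n) for s in names) / 2

def exec_events(audit_events: Iterable[dict]) -> Dict[Tuple[str, str], List[str]]:
    """Map (namespace, pod) -> usernames that opened an exec session, from audit log entries."""
    hits: Dict[Tuple[str, str], List[str]] = {}
    for ev in audit_events:
        ref = ev.get("objectRef", {})
        if ev.get("verb") == "create" and ref.get("resource") == "pods" \
                and ref.get("subresource") == "exec":
            key = (ref.get("namespace", ""), ref.get("name", ""))
            hits.setdefault(key, []).append(ev.get("user", {}).get("username", "?"))
    return hits

def assess(profile: SyscallProfile, namespace: str, pod: str, trace: Sequence[str],
           audit_events: Iterable[dict], novelty_thr: float = 0.3,
           shift_thr: float = 0.25) -> dict:
    """Combine both levels into one verdict: normal / suspicious / alert."""
    nov, shift = profile.novelty(trace), profile.freq_shift(trace)
    syscall_anomaly = nov >= novelty_thr or shift >= shift_thr
    execs = exec_events(audit_events).get((namespace, pod), [])
    if syscall_anomaly and execs:
        verdict = "alert"          # both levels agree: likely injected code
    elif syscall_anomaly or execs:
        verdict = "suspicious"     # single-level signal: worth a look, not an alert
    else:
        verdict = "normal"
    return {"pod": f"{namespace}/{pod}", "novelty": nov, "freq_shift": shift,
            "exec_users": execs, "verdict": verdict}

# Constructed benign traces for a small web-server container (assumption).
BASELINE = [
    ["socket", "bind", "listen", "accept4", "read", "write", "close"],
    ["accept4", "read", "write", "close", "accept4", "read", "write", "close"],
    ["accept4", "read", "openat", "read", "write", "close"],
]
NORMAL_TRACE = ["accept4", "read", "write", "close", "accept4", "read", "openat", "read", "write", "close"]
# Constructed trace where a request handler writes a file and then executes something.
SUSPICIOUS_TRACE = ["accept4", "read", "write", "openat", "write", "close", "execve", "read", "write"]

# Constructed, simplified Kubernetes audit-log entries (audit.k8s.io/v1 shape).
AUDIT = [
    {"kind": "Event", "apiVersion": "audit.k8s.io/v1", "verb": "get",
     "user": {"username": "system:serviceaccount:shop:monitor"},
     "objectRef": {"resource": "pods", "namespace": "shop", "name": "web-0"}},
    {"kind": "Event", "apiVersion": "audit.k8s.io/v1", "verb": "create",
     "user": {"username": "dev-user"},
     "objectRef": {"resource": "pods", "subresource": "exec", "namespace": "shop", "name": "web-1"}},
]

def build_profile() -> SyscallProfile:
    profile = SyscallProfile()
    profile.train(BASELINE)
    return profile

if __name__ == "__main__":
    prof = build_profile()
    for ns, pod, trace in [("shop", "web-0", NORMAL_TRACE), ("shop", "web-1", SUSPICIOUS_TRACE),
                           ("shop", "web-0", SUSPICIOUS_TRACE)]:
        print(assess(prof, ns, pod, trace, AUDIT))
```

The design point is the one the abstract makes: a syscall anomaly alone (the third call above) and an exec session alone (an operator debugging a healthy pod) are each common enough to be noisy, so the verdict is escalated only when the two levels line up on the same pod. Real deployments would replace the constructed traces with a tracer such as an eBPF or seccomp-notify based collector and read the audit entries from the API server's audit backend.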

Paper Citation


in Harvard Style

Bhuiyan M., Das S., Majumder S., Majumdar S. and Hossain M. (2024). On Detecting Malicious Code Injection by Monitoring Multi-Level Container Activities. In Proceedings of the 14th International Conference on Cloud Computing and Services Science - Volume 1: CLOSER; ISBN 978-989-758-701-6, SciTePress, pages 15-26. DOI: 10.5220/0012509400003711


in Bibtex Style

@conference{closer24,
author={Md. Bhuiyan and Souvik Das and Shafayat Majumder and Suryadipta Majumdar and Md. Hossain},
title={On Detecting Malicious Code Injection by Monitoring Multi-Level Container Activities},
booktitle={Proceedings of the 14th International Conference on Cloud Computing and Services Science - Volume 1: CLOSER},
year={2024},
pages={15-26},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0012509400003711},
isbn={978-989-758-701-6},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 14th International Conference on Cloud Computing and Services Science - Volume 1: CLOSER
TI - On Detecting Malicious Code Injection by Monitoring Multi-Level Container Activities
SN - 978-989-758-701-6
AU - Bhuiyan M.
AU - Das S.
AU - Majumder S.
AU - Majumdar S.
AU - Hossain M.
PY - 2024
SP - 15
EP - 26
DO - 10.5220/0012509400003711
PB - SciTePress