| Title | A Study on Container Vulnerability Exploit Detection |
| Publication Type | Conference Paper |
| Year of Publication | 2019 |
| Authors | Tunde-Onadele, Olufogorehan, He, Jingzhu, Dai, Ting, Gu, Xiaohui |
| Conference Name | 2019 IEEE International Conference on Cloud Engineering (IC2E) |
| Keywords | anomaly detection, cloud computing, cloud computing infrastructures, compositionality, Container Security, container vulnerability exploit detection, Containers, Databases, Docker Images, dynamic anomaly detection scheme, dynamic vulnerability attack detection schemes, feature extraction, Heuristic algorithms, Human Behavior, image processing, learning (artificial intelligence), machine learning, Metrics, pubcrawl, Resiliency, security, security of data, static vulnerability attack detection schemes, Tools, vulnerability detection |
| Abstract | Containers have become increasingly popular for deploying applications in cloud computing infrastructures. However, recent studies have shown that containers are prone to various security attacks. In this paper, we conduct a study on the effectiveness of various vulnerability detection schemes for containers. Specifically, we implement and evaluate a set of static and dynamic vulnerability attack detection schemes using 28 real world vulnerability exploits that widely exist in docker images. Our results show that the static vulnerability scanning scheme only detects 3 out of 28 tested vulnerabilities and dynamic anomaly detection schemes detect 22 vulnerability exploits. Combining static and dynamic schemes can further improve the detection rate to 86% (i.e., 24 out of 28 exploits). We also observe that the dynamic anomaly detection scheme can achieve more than 20 seconds lead time (i.e., a time window before attacks succeed) for a group of commonly seen attacks in containers that try to gain a shell and execute arbitrary code. |
| DOI | 10.1109/IC2E.2019.00026 |
| Citation Key | tunde-onadele_study_2019 |
A Study on Container Vulnerability Exploit Detection