Coordinated Machine Learning-Based Vulnerability & Security Patching for Resilient Virtual Computing Infrastructure
PI(s), Co-PI(s), Researchers:
PI: Helen Gu
HARD PROBLEM(S) ADDRESSED
This refers to Hard Problems, released November 2012.
Resilient Architectures
Our research aims to help administrators of virtualized computing infrastructures make services more resilient to security attacks. We apply machine learning to reduce both the security and the functionality risks of software patching: patched and unpatched software is continually monitored to discover vulnerabilities and to trigger the proper security updates.
PUBLICATIONS
"A Study on Container Vulnerability Exploit Detection",
Olufogorehan Tunde-Onadele, Jingzhu He, Ting Dai, and Xiaohui Gu
Proc. of IEEE International Conference on Cloud Engineering (IC2E), Prague, Czech Republic, June, 2019. (accepted)
KEY HIGHLIGHTS
Containers have become increasingly popular for deploying applications in cloud computing infrastructures. However, our previous study has shown that containers are prone to various security attacks.
In this quarter, we continued our research on real-time container vulnerability discovery. We refined our dynamic vulnerability exploit detection system (changing the algorithm from SOM to autoencoder) and collected results over a set of real-world exploits. Our initial results using a limited set of exploits show that our exploit detection has a 100% detection rate and lower than 1% false alarms. We plan to finish 30 exploits within April. To bring our results closer to a real environment, we started to use JMeter and real-world workload intensity to produce dynamic workload for our monitored containers. We also collected the top affected system calls during each detected attack period to identify the attack type, so that we can trigger a specific patch based on the attack type information. Our initial container vulnerability exploit detection work has been accepted by IEEE IC2E 2019.
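The step of collecting the top affected system calls for a flagged period can be sketched as follows. This is an added example, not the project's code: the ranking rule (deviation of each system call's count from its baseline mean, in baseline standard deviations), the 10-second window, the function names and the sample counts are all assumptions made for illustration.

```python
from collections import Counter
from statistics import mean, pstdev

WIDTH_S = 10  # assumed sampling window, in seconds

def bucket(events, width_s=WIDTH_S):
    """Group (timestamp_seconds, syscall_name) events into per-window counts."""
    windows = {}
    for ts, name in events:
        windows.setdefault(int(ts // width_s), Counter())[name] += 1
    return [windows[i] for i in sorted(windows)]

def top_affected(baseline, suspect, k=3, sigma_floor=1.0):
    """Rank syscalls in the suspect window by deviation from the baseline windows.

    sigma_floor keeps syscalls never seen in the baseline (stddev 0) from
    dividing by zero while still letting them rank by raw count.
    """
    names = set(suspect)
    for window in baseline:
        names |= set(window)
    scores = {}
    for name in names:
        history = [w.get(name, 0) for w in baseline]
        sigma = max(pstdev(history), sigma_floor)
        scores[name] = (suspect.get(name, 0) - mean(history)) / sigma
    ranked = sorted(scores.items(), key=lambda kv: (-abs(kv[1]), kv[0]))
    return ranked[:k]

def make_events(index, counts, width_s=WIDTH_S):
    """Constructed sample data: spread each syscall's events over one window."""
    start = index * width_s
    return [(start + i % width_s, name)
            for name, n in counts.items() for i in range(n)]

# Constructed per-window counts; the last window stands in for a period
# that the anomaly detector has already flagged.
SAMPLE = [
    {"read": 40, "write": 38, "accept": 10, "futex": 20},
    {"read": 44, "write": 40, "accept": 12, "futex": 18},
    {"read": 42, "write": 42, "accept": 11, "futex": 22},
    {"read": 43, "write": 41, "accept": 11, "futex": 21,
     "execve": 6, "connect": 9, "mprotect": 4},
]

def demo():
    events = [e for i, c in enumerate(SAMPLE) for e in make_events(i, c)]
    windows = bucket(events)
    return top_affected(windows[:-1], windows[-1])

if __name__ == "__main__":
    print(demo())
```

System calls absent from the baseline dominate the ranking even at low counts, while ordinary request-handling calls that only drift with workload stay near zero.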
COMMUNITY ENGAGEMENTS
None.
EDUCATIONAL ADVANCES:
One PhD student, Olufogorehan Tunde-Onadele, is currently supported by the grant. He will attend IC2E to present our container vulnerability exploit detection work.