Coordinated Machine Learning-Based Vulnerability & Security Patching for Resilient Virtual Computing Infrastructure
PI(s), Co-PI(s), Researchers:
PI: Helen Gu; Researchers: Olufogorehan Tunde-Onadele (Fogo), Ting Dai
HARD PROBLEM(S) ADDRESSED
This refers to Hard Problems, released November 2012.
Resilient Architectures
Our research aims to help administrators of virtualized computing infrastructures make services more resilient to security attacks. We apply machine learning to reduce both the security and the functionality risks of software patching by continually monitoring patched and unpatched software to discover vulnerabilities and trigger proper security updates.
PUBLICATIONS
KEY HIGHLIGHTS
Containers have become increasingly popular for deploying applications in cloud computing infrastructures. However, our previous study has shown that containers are prone to various security attacks.
This quarter, we started to implement our aggregated behavior learning framework, which combines learning data from different containers running the same application. We conducted dynamic container vulnerability exploit detection experiments over 29 exploits and compared the detection accuracy of aggregated behavior learning with that of individual behavior learning. Our experiments show that aggregated learning can improve the accuracy and detection lead time in 70% of tested attacks. We also conducted an initial study of a container classification scheme that uses runtime monitoring data to recognize containers running the same application. Our initial experiments show that we can achieve over 80% classification accuracy.
COMMUNITY ENGAGEMENTS
None.
EDUCATIONAL ADVANCES
Two PhD students, Fogo (Olufogorehan Tunde-Onadele) and Ting Dai, are supported by the grant. Fogo attended IC2E to present our container vulnerability exploit detection work.