Beyond the First Layers of Cloud Defenses: An Ensemble Solution for Improving Container Runtime Security Using Metrics
Authors
Astrauskas, Domantas ; Spence, Fruzsina Vivienne
Term
4. term
Education
Publication year
2021
Submitted on
2021-06-10
Pages
86
Abstract
Security in cloud computing is an ongoing effort carried out across multiple layers. This thesis focuses on the container layer, where applications run in lightweight, isolated packages called containers. We address runtime security—detecting suspicious behavior while containers are running. Our goal is to improve the usefulness of Falco, an open-source runtime security tool whose alerts can be overwhelmed by low-priority notifications. We implement a simple companion tool that analyzes container metrics, such as CPU and memory usage, to identify outliers that may signal an attack. When our algorithms detect anomalies at the same time Falco raises an alert, we increase the priority of that Falco alert so it stands out. This approach aims to surface likely attacks more clearly by combining Falco’s event detections with behavior-based signals.
[This abstract has been rewritten with the help of AI based on the project's original abstract]
Keywords
