@article{ART003090590},
author={Hyeonseok Shin and Minjung Jo and Hosang Yoo and Yongwon Lee and Byungchul Tak},
title={A Technique for Accurate Detection of Container Attacks with eBPF and AdaBoost},
journal={Journal of The Korea Society of Computer and Information},
issn={1598-849X},
year={2024},
volume={29},
number={6},
pages={39-51},
doi={10.9708/jksci.2024.29.06.039}
TY - JOUR
AU - Hyeonseok Shin
AU - Minjung Jo
AU - Hosang Yoo
AU - Yongwon Lee
AU - Byungchul Tak
TI - A Technique for Accurate Detection of Container Attacks with eBPF and AdaBoost
JO - Journal of The Korea Society of Computer and Information
PY - 2024
VL - 29
IS - 6
PB - The Korean Society Of Computer And Information
SP - 39
EP - 51
SN - 1598-849X
AB - This paper proposes a novel approach to enhance the security of container-based systems by analyzing system calls to dynamically detect race conditions without modifying the kernel. Container escape attacks allow attackers to break out of a container's isolation and access other systems, utilizing vulnerabilities such as race conditions that can occur in parallel computing environments. To effectively detect and defend against such attacks, this study utilizes eBPF to observe system call patterns during attack attempts and employs a AdaBoost model to detect them. For this purpose, system calls invoked during the attacks such as Dirty COW and Dirty Cred from popular applications such as MongoDB, PostgreSQL, and Redis, were used as training data. The experimental results show that this method achieved a precision of 99.55%, a recall of 99.68%, and an F1-score of 99.62%, with the system overhead of 8%.
KW - eBPF;System Call;Dirty COW;Dirty Cred;AdaBoost
DO - 10.9708/jksci.2024.29.06.039
ER -
Hyeonseok Shin, Minjung Jo, Hosang Yoo, Yongwon Lee and Byungchul Tak. (2024). A Technique for Accurate Detection of Container Attacks with eBPF and AdaBoost. Journal of The Korea Society of Computer and Information, 29(6), 39-51.
Hyeonseok Shin, Minjung Jo, Hosang Yoo, Yongwon Lee and Byungchul Tak. 2024, "A Technique for Accurate Detection of Container Attacks with eBPF and AdaBoost", Journal of The Korea Society of Computer and Information, vol.29, no.6 pp.39-51. Available from: doi:10.9708/jksci.2024.29.06.039
Hyeonseok Shin, Minjung Jo, Hosang Yoo, Yongwon Lee, Byungchul Tak "A Technique for Accurate Detection of Container Attacks with eBPF and AdaBoost" Journal of The Korea Society of Computer and Information 29.6 pp.39-51 (2024) : 39.
Hyeonseok Shin, Minjung Jo, Hosang Yoo, Yongwon Lee, Byungchul Tak. A Technique for Accurate Detection of Container Attacks with eBPF and AdaBoost. 2024; 29(6), 39-51. Available from: doi:10.9708/jksci.2024.29.06.039
Hyeonseok Shin, Minjung Jo, Hosang Yoo, Yongwon Lee and Byungchul Tak. "A Technique for Accurate Detection of Container Attacks with eBPF and AdaBoost" Journal of The Korea Society of Computer and Information 29, no.6 (2024) : 39-51.doi: 10.9708/jksci.2024.29.06.039
Hyeonseok Shin; Minjung Jo; Hosang Yoo; Yongwon Lee; Byungchul Tak. A Technique for Accurate Detection of Container Attacks with eBPF and AdaBoost. Journal of The Korea Society of Computer and Information, 29(6), 39-51. doi: 10.9708/jksci.2024.29.06.039
Hyeonseok Shin; Minjung Jo; Hosang Yoo; Yongwon Lee; Byungchul Tak. A Technique for Accurate Detection of Container Attacks with eBPF and AdaBoost. Journal of The Korea Society of Computer and Information. 2024; 29(6) 39-51. doi: 10.9708/jksci.2024.29.06.039
Hyeonseok Shin, Minjung Jo, Hosang Yoo, Yongwon Lee, Byungchul Tak. A Technique for Accurate Detection of Container Attacks with eBPF and AdaBoost. 2024; 29(6), 39-51. Available from: doi:10.9708/jksci.2024.29.06.039
Hyeonseok Shin, Minjung Jo, Hosang Yoo, Yongwon Lee and Byungchul Tak. "A Technique for Accurate Detection of Container Attacks with eBPF and AdaBoost" Journal of The Korea Society of Computer and Information 29, no.6 (2024) : 39-51.doi: 10.9708/jksci.2024.29.06.039
