Kernel-Level Rootkits Features to Train Learning Models Against Namespace Attacks on Containers

Cited by: 1
Authors
Lee, Wonjun [1]
Nadim, Mohammad [2]
Affiliations
[1] Yeshiva Univ, Katz Sch Sci & Hlth, New York, NY 10033 USA
[2] Univ Texas San Antonio, Elect & Comp Engn, San Antonio, TX USA
Source
2020 7TH IEEE INTERNATIONAL CONFERENCE ON CYBER SECURITY AND CLOUD COMPUTING (CSCLOUD 2020)/2020 6TH IEEE INTERNATIONAL CONFERENCE ON EDGE COMPUTING AND SCALABLE CLOUD (EDGECOM 2020) | 2020
Keywords
container; feature; kernel; rootkit; machine learning;
DOI
10.1109/CSCloud-EdgeCom49738.2020.00018
CLC classification code
TP [Automation technology, computer technology];
Subject classification code
0812 ;
Abstract
Container-based cloud computing services are increasingly adopted by many service providers for their efficiency and flexibility. Containers isolated by namespaces share the OS kernel. When kernel-level rootkits exploit vulnerabilities in the kernel, the namespace isolation can be invalidated, leading to critical security incidents. Even though many traditional approaches have been proposed to detect kernel-level rootkits, it is hard to detect new attacks conducted in new environments such as container-based cloud computing systems. In this paper, we show some possible attack scenarios in which kernel-level rootkits exploit kernel namespaces, and we suggest key features that can be used to train machine learning and neural network models.
Pages: 50 / 55
Page count: 6