Abstract

Containerized environments such as Docker provide isolation and deployment of distributed services and applications. However, anomalies and attacks can still occur within containers and within containerized networks. This paper proposes the creation of a dataset using eBPF-based traceback to monitor communication between containers in a Docker environment. In the process, a Docker environment with containers providing different services is created, and eBPF-based data collection programs are configured to capture packet-level data. The collected dataset contains characteristics such as process IDs, container IDs, network events, and function arguments. A detailed analysis of these characteristics can provide valuable information about container network behavior, performance issues, and vulnerabilities. As a proof of concept, the paper evaluates the applicability of classifiers such as Naive Bayes, KNN, SVM, and Random Forest to detect anomalies in the dataset. The results show accuracy in the range of 0.42-0.67 and F-measure performance in the range of 0.54-0.65. Overall, the study demonstrates the potential of creating eBPF-based datasets for container security monitoring and anomaly detection by further optimizing data analysis techniques. The proposed approach can help in securing, troubleshooting, and optimizing container deployments.
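As an added illustration of the pipeline the abstract describes (not code from the paper), the following Python parses constructed eBPF-style trace records carrying process ID, container ID, network event and arguments, derives per-container features, applies a simple rule-based detector in place of the paper's classifiers, and computes accuracy and F-measure on the result. The record format, container names and the "distinct destinations" rule are assumptions.

```python
from collections import defaultdict

# Constructed sample trace lines in an assumed "pid container event k=v ..." format.
TRACE = """\
1201 web01 tcp_connect dst=10.0.0.5:5432
1201 web01 tcp_sendmsg len=512
1305 db01 tcp_accept src=10.0.0.3:41234
1500 lb01 tcp_connect dst=10.0.0.7:8080
1500 lb01 tcp_connect dst=10.0.0.8:8080
1500 lb01 tcp_connect dst=10.0.0.9:8080
1500 lb01 tcp_connect dst=10.0.0.10:8080
1410 scan01 tcp_connect dst=10.0.0.5:22
1410 scan01 tcp_connect dst=10.0.0.5:23
1410 scan01 tcp_connect dst=10.0.0.5:80
1410 scan01 tcp_connect dst=10.0.0.5:443
1410 scan01 tcp_connect dst=10.0.0.5:8080
"""

def parse(text):
    """Split each 'pid container event k=v ...' line into a record tuple."""
    recs = []
    for line in text.splitlines():
        pid, cid, event, *args = line.split()
        recs.append((int(pid), cid, event, dict(a.split("=", 1) for a in args)))
    return recs

def features(recs):
    """Per container: outbound connect count and number of distinct destinations."""
    f = defaultdict(lambda: {"connects": 0, "dsts": set()})
    for _pid, cid, event, kv in recs:
        _ = f[cid]  # ensure every container appears, even with no connects
        if event == "tcp_connect":
            f[cid]["connects"] += 1
            f[cid]["dsts"].add(kv.get("dst"))
    return {c: (v["connects"], len(v["dsts"])) for c, v in f.items()}

def predict(feat, max_dsts=3):
    """Assumed rule: flag a container that contacts more than max_dsts distinct endpoints."""
    return {c: dsts > max_dsts for c, (_n, dsts) in feat.items()}

def evaluate(pred, truth):
    """Accuracy and F-measure (F1) from per-container predictions and ground-truth labels."""
    tp = sum(pred[c] and truth[c] for c in pred)
    fp = sum(pred[c] and not truth[c] for c in pred)
    fn = sum(not pred[c] and truth[c] for c in pred)
    tn = len(pred) - tp - fp - fn
    prec = tp / (tp + fp) if tp + fp else 0.0
    rec = tp / (tp + fn) if tp + fn else 0.0
    f1 = 2 * prec * rec / (prec + rec) if prec + rec else 0.0
    return (tp + tn) / len(pred), f1
```

In the constructed sample the load balancer lb01 is a false positive of the naive rule, which is why accuracy and F-measure diverge the way the abstract's reported ranges do.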
