Abstract
The lightweight virtualisation and isolated execution offered by Linux containers qualify it to be the dominant virtualisation platform for cloud-based applications. The fact that Linux containers run on the same host while sharing the same kernel opens the door for new attacks. However, limited research has been conducted in the area of securing cloud containers. This paper presents a resilient intrusion detection and resolution system for cloud-based containers. The system relies on two main pillars, a real-time smart behaviour monitoring mechanism to detect maliciously behaving containers, and a moving-target defence approach that applies runtime container migration to quarantine such containers and to minimise attack dispersion. To avoid zero-day targeted attacks, the system also induces random live migrations between running containers to obfuscate its execution behaviour. Such obfuscation makes it harder for attackers to execute their targeted attacks. The system was tested by a big-data application using a container-based Apache Hadoop cluster to demonstrate the system's ability to automatically deploy, monitor, detect, and respond to maliciously behaving applications by live migration or by rolling back the container to a safe state. Results showed that the proposed system efficiently ensure safe and secure container operation.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callMore From: International Journal of Communication Networks and Distributed Systems
Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
