Container Escape Detection for Edge Devices
- Authors
Thomas Pasquier, Francesco Raimondo, Theodoros Spyridopoulos, Adrian Sanchez-Mompo, Bo Luo, James Pope, Pietro E. Carnelli, Ioannis Mavromatis, Robert J. Piechocki, Ryan McConville, Dan Howarth, Vijay Kumar, George Oikonomou, and Aftab Khan
- Subjects
Cybersecurity, Edge device, Computer science, Container escape, Denial-of-service attack, Adversary, Container (abstract data type), Datasets, Anomaly detection, Host (network), Privilege escalation, Edge computing, Computer network
- Abstract
Edge computing is rapidly changing the IoT-Cloud landscape. Various testbeds are now able to run multiple Docker-like containers developed and deployed by end-users on edge devices. However, this capability may allow an attacker to deploy a malicious container on the host and compromise it. This paper presents a dataset based on the Linux Auditing System (auditd) that contains both malicious and benign container activity. We developed two malicious scenarios, a denial-of-service attack and a privilege-escalation attack, in which an adversary uses a container to compromise the edge device. Furthermore, we deployed benign user containers to run in parallel with the malicious containers. Container activity can be captured on the host through the system calls the containers issue. Our time-series auditd dataset contains partial labels for the benign-related and malicious-related system calls. Generating the dataset is largely automated using the provided AutoCES framework. We also present a semi-supervised machine learning use case on the collected data to demonstrate its utility. The dataset and framework code are open-source and publicly available.
- Published
- 2021