Container safety detection method based on machine learning

A machine-learning-based security detection technology, applied in the field of container technology, that addresses problems such as man-in-the-middle attacks and achieves a low false positive rate and a high intrusion detection rate.

Inactive Publication Date: 2021-06-01
NANJING UNIV OF POSTS & TELECOMM

AI Technical Summary

Problems solved by technology

When using containers, users usually download images directly from the repository and rarely check the downloaded images, which allows malicious users to attack user containers and hosts by uploading vulnerable images.
In addition, Docker did not correctly verify pulled images, so some data may be replaced while the image is in transit; that is, a man-in-the-middle attack is possible.



Examples


Embodiment Construction

[0029] The present invention will be further described below in conjunction with the accompanying drawings.

[0030] Figures 1-5 show a container security detection method based on machine learning. First, when the user pulls an image from the Docker repository to the local host, the method uses an image vulnerability scanning tool to scan the pulled image for vulnerability information. It obtains the details of each vulnerability by comparison against a general vulnerability information library, then obtains a vulnerability risk score through the vulnerability assessment system, and finally collects all vulnerability scores and information for the image and evaluates the overall security of the image. If the image is evaluated as insecure, the user is reminded or the image is deleted; otherwise, the user can download the image normally and the image is allowed to be used. After the user creates a container from the image, the method enters th...


Abstract

The invention discloses a container security detection method based on machine learning. The method comprises the following steps: collecting local image information and running-container information through a script; scanning image vulnerability information with the tool Anchore; evaluating the vulnerability severity score using CVSS; performing the image security evaluation from all vulnerability scoring results of the image; collecting the system calls generated by the running container with the tool Strace; generating a system call mapping file in combination with the system call table; extracting features from the system call mapping file with a sliding window method; calculating the TF-IDF value of each word in the feature file using an optimized machine learning method, TF-IDF; performing training or detection using the features; and updating local data, so that the intrusion detection rate is improved. Vulnerability detection and evaluation of the container image are fused with intrusion detection of the running container, achieving security detection of the container over its whole life cycle, from image download to the end of operation.
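The runtime half of the pipeline in the abstract (Strace output, system call mapping, sliding window, TF-IDF) can be sketched as follows. This is an added example, not code from the patent: the syscall table subset, the window size of 3, the constructed sample traces and all function names are assumptions, and it uses standard TF-IDF because the page does not describe the "optimized" variant.

```python
import math
import re
from collections import Counter

# Assumption: small subset of the x86_64 Linux syscall table (name -> number).
SYSCALL_TABLE = {"read": 0, "write": 1, "close": 3, "socket": 41,
                 "connect": 42, "execve": 59, "openat": 257}
STRACE_LINE = re.compile(r"^(?:\[pid\s+\d+\]\s+)?([a-z_0-9]+)\(")

# Constructed sample traces (not real captures): one per container run.
BASELINE = """openat(AT_FDCWD, "/etc/hosts", O_RDONLY) = 3
read(3, "127.0.0.1 localhost", 4096) = 19
close(3) = 0
openat(AT_FDCWD, "/app/config", O_RDONLY) = 3
read(3, "x", 4096) = 1
close(3) = 0"""
SUSPECT = """openat(AT_FDCWD, "/etc/hosts", O_RDONLY) = 3
read(3, "127.0.0.1 localhost", 4096) = 19
close(3) = 0
socket(AF_INET, SOCK_STREAM, IPPROTO_TCP) = 4
connect(4, {sa_family=AF_INET}, 16) = 0
execve("/bin/sh", ["sh"], NULL) = 0
+++ exited with 0 +++"""

def map_trace(strace_text):
    """Map each strace line to its syscall number (the 'mapping file')."""
    numbers = []
    for line in strace_text.splitlines():
        m = STRACE_LINE.match(line.strip())
        if m and m.group(1) in SYSCALL_TABLE:  # skips exit/signal lines
            numbers.append(SYSCALL_TABLE[m.group(1)])
    return numbers

def windows(numbers, size=3):
    """Slide a fixed-size window over the sequence; each window is a 'word'."""
    return ["_".join(map(str, numbers[i:i + size]))
            for i in range(len(numbers) - size + 1)]

def tf_idf(docs):
    """Standard TF-IDF per trace: tf = count/len(doc), idf = ln(N/df)."""
    df = Counter(word for doc in docs for word in set(doc))
    return [{w: (c / len(doc)) * math.log(len(docs) / df[w])
             for w, c in Counter(doc).items()} for doc in docs]

def score_samples():
    """Feature vectors for the two constructed traces, in order."""
    return tf_idf([windows(map_trace(t)) for t in (BASELINE, SUSPECT)])
```

Windows shared by every trace get weight 0, while a window seen in only one trace (here `41_42_59`) gets a positive weight; these per-window weights are the features a classifier would be trained on.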

Description

Technical field

[0001] The invention relates to a container security detection method based on machine learning, which is mainly used for vulnerability detection and evaluation of Docker images and intrusion detection of running Docker containers, and provides security detection for the Docker container from image pulling to the end of container operation. It belongs to container technology.

Background technique

[0002] Container technology is a type of lightweight virtualization technology that provides a lightweight virtual environment by grouping and isolating a set of processes and resources (such as memory, CPU, disk, etc.) from the host and any other containers. Docker technology is a leader in container technology. Its appearance effectively solves the problems of application operating environment and configuration, and lays a solid foundation for continuous integration and continuous deployment. While container technology provides u...


Application Information

Patent Type & Authority Applications(China)
IPC IPC(8): G06F9/455, G06F21/57, G06N20/00
CPC G06F9/45558, G06F21/577, G06F2009/45587, G06N20/00
Inventor 季一木, 杨卫东, 刘尚东, 刘强, 王汝传
Owner NANJING UNIV OF POSTS & TELECOMM