Litcius/Paper detail

Container Escape Detection for Edge Devices

James Pope, Francesco Raimondo, Vijay Kumar, Ryan McConville, Robert J. Piechocki, George Oikonomou, Thomas Pasquier, Bo Luo, Dan Howarth, Ioannis Mavromatis, Pietro Carnelli, Adrián Sánchez-Mompó, Theodoros Spyridopoulos, Aftab Khan

202111 citationsDOIOpen Access PDF

Abstract

Edge computing is rapidly changing the IoT-Cloud landscape. Various testbeds are now able to run multiple Docker-like containers developed and deployed by end-users on edge devices. However, this capability may allow an attacker to deploy a malicious container on the host and compromise it. This paper presents a dataset based on the Linux Auditing System, which contains malicious and benign container activity. We developed two malicious scenarios, a denial of service and a privilege escalation attack, where an adversary uses a container to compromise the edge device. Furthermore, we deployed benign user containers to run in parallel with the malicious containers. Container activity can be captured through the host system via system calls. Our time series auditd dataset contains partial labels for the benign and malicious related system calls. Generating the dataset is largely automated using a provided AutoCES framework. We also present a semi-supervised machine learning use case with the collected data to demonstrate its utility. The dataset and framework code are open-source and publicly available.

Topics & Concepts

Computer scienceContainer (type theory)Denial-of-service attackCloud computingAdversaryHost (biology)Enhanced Data Rates for GSM EvolutionComputer securityEdge computingMalwarePrivilege (computing)Edge deviceOperating systemDistributed computingThe InternetArtificial intelligenceEcologyBiologyEngineeringMechanical engineeringNetwork Security and Intrusion DetectionAdvanced Malware Detection TechniquesSoftware System Performance and Reliability