Flora J.; Gonçalves P.; Antunes N.

2020 IEEE 25th Pacific Rim International Symposium on Dependable Computing (PRDC)


Containers revolutionized cloud applications, as they are lightweight, highly portable and ideal for microservices. Although they are being adopted in business-critical scenarios, they introduce security concerns that are exacerbated in multi-tenant environments. Intrusion detection techniques can help, but they have received limited attention in this context. This paper presents an approach that uses attack injection to evaluate the effectiveness of intrusion detection in container-based systems. We use a TPC-C workload, with a database engine running as a container, while monitoring its system calls. First, the algorithms are exposed to benign workloads to learn the application profile. Then, we execute a set of attack injection experiments with diverse attacks, and we verify whether the algorithms report them. An experiment was designed to evaluate the algorithms in Docker and LXC containers, and in a traditional OS deployment for comparison. The results show that the approach is effective in evaluating the algorithms in different scenarios. The algorithms consistently detect most of the attacks (89+%). The precision values show more variance, but with careful tuning and richer workloads, this problem can be mitigated.