AI-enabled systems

Attack and anomaly detection in containerized systems: signature and rule-based approaches

I. V. Kotenko, M. V. Melnik

St. Petersburg Federal Research Center of the Russian Academy of Sciences, St. Petersburg, Russia

Abstract: The article considers one of the key problems of container systems related to the detection of attacks and anomalies. The mechanisms of isolation of container systems and attacks on such systems are described. A classification of approaches to the detection of attacks and anomalies is presented. A systematic analysis of the main approaches to the detection of attacks and anomalies in container systems, as well as methods for their implementation, is performed. Traditional approaches based on signatures and rules, their features, advantages and disadvantages are considered in detail.

Keywords: container systems, cyber security, attack detection, anomaly detection, machine learning, signatures, rules.

DOI: 10.14357/20718594250101

Bibliographic databases:

•