High Performance Intrusion Detection and Prevention for Software-Defined Container Networks in the Cloud
About
- Advances in cloud computing systems in recent years have led to the development of applications based on the microservices architecture to meet the high performance requirements of systems using the cloud. This architecture includes a complex application structure that consists of services that exist as independent entities and interact with each other through specific APIs.
- Microservice architectures frequently use a structure called a container, which is much lighter and faster than virtual machines in the cloud. The rapid digital transformation experienced in recent years has led to the widespread use of container-based application structures, and software-defined network models have been proposed for the agile management of container networks in the last 2-3 years.
- The proliferation of container networks has revealed that these networks can be exposed to many cyberattacks caused by the malicious capture of endpoints such as IoT devices. Software-defined container networks in the cloud are a fairly new concept, and machine learning-based models for automatic attack detection and prevention in these networks are not yet available in the research literature or in real-world applications.
- The main goal of this project is to develop a unique intrusion detection and prevention architecture, built on software-defined networks and machine learning methods, for container-based application architectures in cloud systems. In the literature, there are currently no high-performance machine learning models that can detect attacks in software-defined networks when trained with a small amount of training data.
- The performance of machine learning-based models is adversely affected due to the difficulty of data tagging and the scarcity of data on emerging attacks. The few-shot attack detection models to be developed in this project will close this gap and make an important contribution to machine learning-based intrusion detection systems.
- The open-access publication of the software-defined container network data set to be created in the project will fill the data gap for software-defined container networks in the literature, where no such data set has yet been created, and will pave the way for the development of machine learning-based methods in this area.
- In addition, the active learning module to be developed in the project will be the first to include humans in the loop in the learning process for detecting attacks in software-defined networks. With this module, it will be possible to incorporate the views of experts in cyber incident response centers into the live learning process, and the performance of continuously learning intrusion detection systems will be increased.
People
- Dr. Pelin Angin
- Yigit Sever
- Mohamed Aly Amin
- Adnan Harun Dogan
- Ilter Taha Aktolga
- Yalginay Yaltirik
- Alp Eren Yalcin
- Baver Bayhan
- Ali Komurcu
- Fatma Ceyda Gokce
- Serif Can Tekin
- Munteha Nur Bedir Tuzun
- Ismail Tuzun
- Goktug Ekinci
- Bugra Alparslan
- Abdurrahman Said Gurbuz
- Vahab Jabrayilov
- Batuhan Dilek
Tutorial
Attack Demonstrations
Publications
Journal
Conference Publications
MSc. Theses
- Network Attack Classification with Few-Shot Learning Methods, Ismail Tuzun - September 2022
- Network Attack Classification with Active Learning, Munteha Nur Bedir Tuzun - September 2022