基于OpenStack云平台的Docker容器安全监测方法研究  被引量:4

Research on security monitoring method of Docker container engine based on OpenStack cloud platform

在线阅读下载全文

作  者:崔轲 燕玮[1] 刘子健 张慕榕 贾星威 许凤凯 Cui Ke;Yan Wei;Liu Zijian;Zhang Murong;Jia Xingwei;Xu Fengkai(National Computer System Engineering Research Institute of China,Beijing 100083,China)

机构地区:[1]华北计算机系统工程研究所,北京100083

出  处:《信息技术与网络安全》2022年第4期65-70,共6页Information Technology and Network Security

基  金:国防基础科研计划(JCKY2020211B005)。

摘  要:随着虚拟化技术和容器技术的兴起,容器安全问题引起了社会和企业的广泛重视。针对传统的监控方式对Docker容器信息监控不全面、易产生监控黑洞等问题,提出一种针对OpenStack云平台下的Docker容器安全监测方法,该方法针对性强,资源占用率小,除了实现传统监测功能外,通过采用Logistic-ARMA预警模型和BERT序列标注,还可以实现对DoS攻击、容器逃逸等恶意攻击的有效监测,且根据容器规模不同可实现自定义的预警功能。经过实验验证,该方法在大规模容器网络中威胁预测准确率可达85%以上。With the rise of virtualization technology and container technology,container security has attracted extensive attention of society and enterprises.In view of the problems that the traditional monitoring method does not fully monitor the Docker container information and is easy to produce monitoring black holes,this paper proposes a Docker container security monitoring method under the OpenStack cloud platform.This method has strong pertinence and low resource occupancy.In addition to realizing the traditional monitoring function,this methocl can effectively monitor the malicious attacks such as DoS attack and container escape by using the Logistic-ARMA warning model and BERT sequence annotation,and realize the customized early warning functions according to different container sizes.Experimental results show that the accuracy of threat prediction in large-scale container networks can reach more than 85%.

关 键 词:Docker容器 Logistic-ARMA Bert序列标注 大规模容器网络 

分 类 号:TP391[自动化与计算机技术—计算机应用技术]

 

参考文献:

正在载入数据...

 

二级参考文献:

正在载入数据...

 

耦合文献:

正在载入数据...

 

引证文献:

正在载入数据...

 

二级引证文献:

正在载入数据...

 

同被引文献:

正在载入数据...

 

相关期刊文献:

正在载入数据...

相关的主题
相关的作者对象
相关的机构对象