Reinforcement Learning-Based Resource exhaustion attack detection and response in Kubernetes

A Study on Reinforcement Learning-Based Resource Exhaustion Detection and Response Technology in Kubernetes Environments

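  • 김리영 (Department of Future Convergence Technology Engineering, Sungshin Women's University);
  • 김성민 (Department of Convergence Security Engineering, Sungshin Women's University)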
  • Received : 2023.09.30
  • Accepted : 2023.10.16
  • Published : 2023.12.31

Abstract

Kubernetes is a representative open-source software for container orchestration, playing a crucial role in monitoring and managing resources allocated to containers. As container environments become prevalent, security threats targeting containers continue to rise, with resource exhaustion attacks being a prominent example. These attacks involve distributing malicious crypto-mining software in containerized form to hijack computing resources, thereby affecting the operation of the host and other containers that share resources. Previous research has focused on detecting resource exhaustion attacks, so techniques for responding when attacks occur are lacking. This paper proposes a reinforcement learning-based dynamic resource management framework for detecting and responding to resource exhaustion attacks and malicious containers running in Kubernetes environments. To achieve this, we define the environment's state, actions, and rewards from the perspective of responding to resource exhaustion attacks using reinforcement learning. It is expected that the proposed methodology will contribute to establishing a robust defense against resource exhaustion attacks in container environments.

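Kubernetes is a leading open-source software platform for unified container management, and it plays a key role in monitoring and managing the resources allocated to containers. As container environments become commonplace, security threats targeting containers keep increasing, and resource exhaustion attacks are a representative example. Such attacks distribute malicious crypto-mining software in container form to steal resources, which affects the operation of the host and of other containers that share those resources. Prior work has focused on detecting resource exhaustion attacks, so techniques for responding when an attack occurs are lacking. This paper proposes a reinforcement learning-based dynamic resource management framework for detecting and responding to resource exhaustion attacks and malicious containers that target containers running in a Kubernetes environment. To that end, we defined the environment's state, actions, and rewards for applying reinforcement learning from the standpoint of responding to resource exhaustion attacks. We expect the proposed methodology to contribute to building an environment that is robust against resource exhaustion attacks in container environments.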

Acknowledgement

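This paper was carried out in 2023 as a result of research supported by the National Research Foundation of Korea (NRF-2021R1G1A100632611) funded by the Korean government (Ministry of Science and ICT), by the Korea Institute for Advancement of Technology (P0008703, 2022 Industrial Innovation Talent Growth Support Program) funded by the Ministry of Trade, Industry and Energy, and by the ICT Innovation Talent 4.0 program (IITP-2022-RS-2022-00156310) of the Ministry of Science and ICT and the Institute of Information & Communications Technology Planning & Evaluation.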
