
Container Network Performance Anomaly Detection Based on Extended Berkeley Packet Filter and Machine Learning

  • Conference paper
Advances in Natural Computation, Fuzzy Systems and Knowledge Discovery (ICNC-FSKD 2021)

Abstract

In massive application containerization scenarios, traditional network performance anomaly detection has been unable to meet the requirements of cloud-native scenarios in terms of granularity, performance, and security. Traditional network performance anomaly detection can only monitor the data exposed by the kernel. Coupled with system virtualization, this makes it difficult to monitor container-granularity performance data, and modifying the system and applications to extract data can easily threaten system security. In response to these problems, this work proposes a non-intrusive container network performance anomaly detection model. The model is based on extended Berkeley Packet Filter (eBPF) technology: it non-intrusively collects process-granularity data in the Linux kernel to obtain container-granularity network performance data, and combines this with machine learning classification methods to identify whether container network performance is abnormal. In testing, the model accurately extracted container network performance data, the overall system overhead was small, and the accuracy of identifying abnormal container network performance reached 98.1%.




Copyright information

© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG


Cite this paper

Liang, J., Chen, L., Li, Z., Bai, J. (2022). Container Network Performance Anomaly Detection Based on Extended Berkeley Packet Filter and Machine Learning. In: Xie, Q., Zhao, L., Li, K., Yadav, A., Wang, L. (eds) Advances in Natural Computation, Fuzzy Systems and Knowledge Discovery. ICNC-FSKD 2021. Lecture Notes on Data Engineering and Communications Technologies, vol 89. Springer, Cham. https://doi.org/10.1007/978-3-030-89698-0_144
