Abstract
With applications being containerized at massive scale, traditional network performance anomaly detection can no longer meet the requirements of cloud-native scenarios in terms of granularity, performance, and security. Traditional detection can only monitor the data exposed by the kernel. Combined with system virtualization, this makes container-granularity performance data difficult to monitor, and modifying the system and applications to extract data can easily threaten system security. In response to these problems, this work proposes a non-intrusive container network performance anomaly detection model. The model is based on extended Berkeley Packet Filter (eBPF) technology: it non-intrusively collects process-granularity data in the Linux kernel to obtain container-granularity network performance data, and combines this with machine learning classification methods to identify whether container network performance is abnormal. In testing, the model accurately extracted container network performance data, the overall system overhead was small, and the accuracy of identifying abnormal container network performance reached 98.1%.
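The step from process-granularity data to container-granularity data can be sketched as follows. This is an added example, not code from the paper: it assumes the PID-to-container mapping is taken from the 64-hex container ID in `/proc/<pid>/cgroup`, and the record fields (`tx_bytes`, `tx_pkts`, `retrans`) are hypothetical names for counters an eBPF collector might export.

```python
import re
from collections import defaultdict

# 64-hex container ID as it appears in cgroup paths (assumed mapping source).
CONTAINER_ID = re.compile(r"[0-9a-f]{64}")

def container_of(cgroup_text):
    """Short container ID from /proc/<pid>/cgroup text, or None for host processes."""
    ids = CONTAINER_ID.findall(cgroup_text)
    return ids[-1][:12] if ids else None

def aggregate(samples, cgroups):
    """Sum per-process counters into one feature row per container."""
    rows = defaultdict(lambda: {"tx_bytes": 0, "tx_pkts": 0, "retrans": 0, "pids": set()})
    for s in samples:
        cid = container_of(cgroups.get(s["pid"], ""))
        if cid is None:  # host process, or PID with no cgroup entry (already exited)
            continue
        row = rows[cid]
        row["tx_bytes"] += s["tx_bytes"]
        row["tx_pkts"] += s["tx_pkts"]
        row["retrans"] += s["retrans"]
        row["pids"].add(s["pid"])
    features = {}
    for cid, r in rows.items():
        rate = r["retrans"] / r["tx_pkts"] if r["tx_pkts"] else 0.0
        features[cid] = {"tx_bytes": r["tx_bytes"],
                         "retrans_rate": round(rate, 4),
                         "processes": len(r["pids"])}
    return features

# Constructed sample data (not from the paper).
A, B = "a" * 64, "b" * 64
CGROUPS = {
    101: f"12:net_cls,net_prio:/docker/{A}\n",    # cgroup v1, cgroupfs driver
    102: f"12:net_cls,net_prio:/docker/{A}\n",
    201: f"0::/system.slice/docker-{B}.scope\n",  # cgroup v2, systemd driver
    1:   "0::/init.scope\n",                      # host process
}
SAMPLES = [
    {"pid": 101, "tx_bytes": 4000, "tx_pkts": 40, "retrans": 0},
    {"pid": 102, "tx_bytes": 6000, "tx_pkts": 60, "retrans": 1},
    {"pid": 201, "tx_bytes": 1500, "tx_pkts": 50, "retrans": 10},
    {"pid": 1,   "tx_bytes": 900,  "tx_pkts": 9,  "retrans": 0},
    {"pid": 999, "tx_bytes": 100,  "tx_pkts": 1,  "retrans": 0},  # no cgroup entry
]

if __name__ == "__main__":
    for cid, row in aggregate(SAMPLES, CGROUPS).items():
        print(cid, row)
```

Each resulting row is one per-container feature vector of the kind a classifier would consume; the classification step itself is not shown because the abstract does not name the method used.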
Copyright information
© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Liang, J., Chen, L., Li, Z., Bai, J. (2022). Container Network Performance Anomaly Detection Based on Extended Berkeley Packet Filter and Machine Learning. In: Xie, Q., Zhao, L., Li, K., Yadav, A., Wang, L. (eds) Advances in Natural Computation, Fuzzy Systems and Knowledge Discovery. ICNC-FSKD 2021. Lecture Notes on Data Engineering and Communications Technologies, vol 89. Springer, Cham. https://doi.org/10.1007/978-3-030-89698-0_144
DOI: https://doi.org/10.1007/978-3-030-89698-0_144
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-89697-3
Online ISBN: 978-3-030-89698-0
eBook Packages: Intelligent Technologies and Robotics, Intelligent Technologies and Robotics (R0)