A Few to Unveil Them All: Leveraging Mixture of Experts on Minimal Data for Detecting Covert Channels in Containerized Cloud Infrastructures

Containers are fundamental to pursue the vision of cloud-native applications and implement frameworks taking advantage of the microservice paradigm. Owing to their rapid diffusion, understanding the security posture of containerized deployments is of prime importance. An aspect largely neglected con...

Full description

Saved in:
Bibliographic Details
Main Authors: Caviglione, Luca, Guarascio, Massimo, Pisani, Francesco Sergio, Zuppelli, Marco
Format: Conference Proceeding
Language:English
Subjects:
container security
Containers
covert channels
deep ensemble methods
Docker
Ensemble learning
Microservice architectures
mixture of experts
Privacy
Scalability
Security
Telecommunication traffic
Online Access:Request full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Containers are fundamental to pursue the vision of cloud-native applications and implement frameworks taking advantage of the microservice paradigm. Owing to their rapid diffusion, understanding the security posture of containerized deployments is of prime importance. An aspect largely neglected concerns network covert channels, which can be used to implement advanced persistent threats or ex-filtrate sensitive data. Unfortunately, revealing the presence of parasitic information hidden in network traffic is a hard task often clashing with privacy, performance and scalability constraints. Therefore, this paper proposes to use a mixture of experts, i.e., deep neural models trained on local datasets that are combined to enhance the overall detection capabilities. Results obtained by considering covert communications targeting the TTL field of IPv4 traffic collected in realistic settings demonstrated the effectiveness of our approach.
ISSN:2768-0657
DOI:10.1109/EuroSPW61312.2024.00090