On the Automatic Identification of Misconfiguration Errors in Cloud Native Systems
Conference proceeding   Open access

Brian S Mitchell, Spiros Mancoridis and Jainam Kashyap
AICCC '24: Proceedings of the 2024 7th Artificial Intelligence and Cloud Computing Conference, pp 539-548
09 Jul 2025
URL: https://doi.org/10.1145/3719384.3719463
Published, Version of Record (VoR). Open Access via Drexel Libraries Read and Publish Program 2025. CC BY V4.0.

Abstract

The frequency of notable data breaches in cloud native systems has increased over the past several years, causing many problems for both large and small organizations. These systems have a very large attack surface associated with the use of many publicly accessible APIs, which can make it difficult to differentiate normal from malicious behavior. Managing every aspect of cloud native systems is prone to misconfiguration errors, since it requires setting and auditing thousands of parameters in enterprise systems. Successful data breaches require bad actors to remain undetected for long periods of time so that data exfiltration does not trigger intrusion protection controls. In this paper we recreate a realistic cloud native environment to emulate a data breach attack using common API misconfiguration mistakes. We then introduce a tool we created to collect system call data from the kernels in a Kubernetes cluster; this data is used to train machine learning models capable of differentiating normal from suspicious activity during emulated stealthy attacks.
