Submitted Proposals

DEI - FCTUC
Generated on 2025-07-07 01:49:59 (Europe/Lisbon).

Internship Title

Simulating Realistic Cyberattacks in Kubernetes Environments for Validation

Internship Location

Rua Dom João Castro n.12, 3030-384 Coimbra, Portugal

Background

With the rapid adoption of cloud-native technologies and microservice-based architectures, Kubernetes (K8s) has become the de facto standard for deploying and managing distributed applications. While Kubernetes offers significant scalability and automation benefits, it also expands the attack surface due to complex network policies, frequent configuration changes, and distributed communication between pods.

To address these challenges, DeepGuardian (developed by OneSource) is a framework that leverages Machine Learning (ML) models to detect and classify anomalies in network traffic. It enables real-time monitoring and analysis of both inbound and outbound traffic in cloud-native environments. However, to ensure the accuracy and robustness of such detection systems, controlled, reproducible simulations of real-world attack scenarios are essential.

This internship aims to simulate diverse network-based attacks in realistic Kubernetes environments to generate high-quality, labeled datasets. In addition, it will involve the development of a component responsible for automatically generating various types of attacks. These resources will support DeepGuardian’s future ability to accurately predict and classify different categories of malicious activity, including reconnaissance, privilege escalation, data exfiltration, and lateral movement.

Objective

The primary goal of this internship is to simulate a range of realistic attack scenarios in a Kubernetes environment.
Specifically, the objectives are to:
● Simulate diverse and realistic attack scenarios using tools such as CALDERA, Metasploit, kubectl hijacking techniques, or network scanners.

● Capture, log, and label all network activity — both benign and malicious — with ground truth annotations.

● Create structured datasets enriched with metadata (e.g., timestamps, pod names, attack types) for future use in training and evaluating DeepGuardian.

● Package the environment and attack scenarios for reproducibility (e.g., using Helm charts or Docker Compose).

Work Plan - Semester 1

1. Literature Review: Study Kubernetes architecture, networking, and DeepGuardian’s integration points. Analyze common attack patterns in Kubernetes and review existing open-source attack simulation tools;
2. Workload Setup: Deploy a realistic microservices architecture and configure internal service communication, namespaces, and network policies;
3. Normal behavior & logging infrastructure: Simulate normal (benign) service interactions and configure tools to monitor and log traffic;
4. Initial attack simulations: Simulate basic attack scenarios, collect logs, and label the traffic accordingly;
5. Intermediate Report: Draft the first version of the thesis, including problem definition, objectives, related work, and initial results.

Work Plan - Semester 2

1. Advanced Attack Simulation: Execute more complex and multi-stage attack chains representing realistic threat scenarios (e.g., lateral movement, privilege escalation);
2. Ground Truth labeling: Correlate logs and network traffic with the specific attack steps. Apply a consistent labeling scheme and validate the separation of benign and malicious activity;
3. Scenario Deployment: Finalize all Kubernetes attack scenarios and develop a deployment component or script to reproduce and manage these simulations;
4. Final Thesis Writing: Complete the thesis with final results, documentation of the simulated environment, and delivery of the labeled datasets and tools.

Conditions

The trainee will have all the necessary conditions to carry out the planned tasks, being integrated into the research and development teams within European research projects in which OneSource is involved.

Supervisor

Jorge Diogo Gomes Proença
jorge.proenca@onesource.pt