Internship Title
AI-Based Intrusion Detection Mechanisms for Cloud-native Services
Areas of Specialisation
Intelligent Systems
Internship Location
IPN - Instituto Pedro Nunes (Laboratório de Informática e Sistemas)
Background
As the adoption of cloud-native architectures and containerization increases, Kubernetes, Docker and container orchestration frameworks are being heavily used for deploying applications. This adoption does not come without difficulties: ensuring the security of these distributed environments remains a significant challenge. Intrusion detection systems (IDS) play a crucial role in identifying and preventing potential security breaches.
Traditional IDS approaches rely on signature-based or rule-based detection methods, which often struggle to keep up with rapidly evolving attack vectors. To address this limitation, leveraging Artificial Intelligence (AI) techniques can enhance intrusion detection by automatically learning patterns and detecting anomalies in real-time.
This thesis aims to explore AI-based intrusion detection mechanisms that utilize one or more of the following: (i) container deployment metrics (e.g., resource utilization, performance, scalability), (ii) context awareness (e.g., access patterns, network condition or location), and (iii) service state (e.g., operating system calls, service logs, authentication logs or configuration integrity) analysis for effective and efficient detection of anomalies in cloud-native environments.
By leveraging the dynamic and contextual information provided by container and service deployment metrics, such as those mentioned above, it is possible to develop intelligent intrusion detection systems capable of detecting sophisticated attacks without the need for extensive training data (e.g., with auto-encoders). Nevertheless, in case the chosen machine learning methods require training data, there are context-specific sources available online (e.g., KDD-Cup99 HTTP (1), ADFA-LD (2) or Numenta Anomaly Benchmark (NAB) (3)) as well as general-purpose datasets that could be leveraged for training / validation purposes (e.g., ADRepository (4), TS-anomaly-detection (5) and several others (6)). This work may propose novel solutions or build on previous work targeting intrusion detection on IoT devices and extend it.
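As an added illustration (not part of the proposal or of the NEXUS project) of the metric-driven, training-data-light detection described above: a baseline is fitted from an unlabelled window of container metric scrapes using the per-metric median and MAD, and later scrapes are flagged when any metric drifts beyond a robust z-score threshold. The metric names and all sample values are constructed for this example; an auto-encoder would play the same role with a learned reconstruction error instead of per-metric statistics.

```python
import math
import statistics
from typing import Dict, List, Tuple

# Constructed baseline: scrapes of one container during normal operation.
# Metric names are assumptions made for this illustration only.
BASELINE: List[Dict[str, float]] = [
    {"cpu": 0.20, "mem_mb": 128, "net_tx_kb": 40, "syscalls": 1200, "auth_fail": 0},
    {"cpu": 0.24, "mem_mb": 131, "net_tx_kb": 45, "syscalls": 1250, "auth_fail": 0},
    {"cpu": 0.19, "mem_mb": 127, "net_tx_kb": 38, "syscalls": 1180, "auth_fail": 0},
    {"cpu": 0.22, "mem_mb": 130, "net_tx_kb": 42, "syscalls": 1210, "auth_fail": 0},
    {"cpu": 0.25, "mem_mb": 133, "net_tx_kb": 47, "syscalls": 1300, "auth_fail": 0},
    {"cpu": 0.21, "mem_mb": 129, "net_tx_kb": 41, "syscalls": 1190, "auth_fail": 0},
]

# Constructed later scrapes: one normal, one CPU/syscall burst, one burst of
# authentication failures with unusual outbound traffic.
NEW_SAMPLES: List[Dict[str, float]] = [
    {"cpu": 0.23, "mem_mb": 130, "net_tx_kb": 43, "syscalls": 1220, "auth_fail": 0},
    {"cpu": 0.95, "mem_mb": 135, "net_tx_kb": 44, "syscalls": 4100, "auth_fail": 0},
    {"cpu": 0.22, "mem_mb": 129, "net_tx_kb": 60, "syscalls": 1230, "auth_fail": 12},
]


def fit_baseline(samples: List[Dict[str, float]]) -> Dict[str, Tuple[float, float]]:
    """Per-metric median and MAD, scaled (x1.4826) to approximate a std. dev."""
    model = {}
    for name in samples[0]:
        values = [s[name] for s in samples]
        med = statistics.median(values)
        mad = statistics.median(abs(v - med) for v in values) * 1.4826
        model[name] = (med, mad)
    return model


def score(model: Dict[str, Tuple[float, float]], sample: Dict[str, float]) -> Dict[str, float]:
    """Robust z-score per metric. A metric that never varied in the baseline
    (MAD == 0, e.g. auth_fail) is scored as infinite the moment it moves at all."""
    scores = {}
    for name, (med, mad) in model.items():
        dev = abs(sample[name] - med)
        scores[name] = (0.0 if dev == 0 else math.inf) if mad == 0 else dev / mad
    return scores


def detect(model, samples, threshold: float = 3.5) -> List[Tuple[int, List[str]]]:
    """Return (sample index, offending metrics) for every sample with a metric above threshold."""
    alerts = []
    for i, s in enumerate(samples):
        hits = sorted(m for m, z in score(model, s).items() if z > threshold)
        if hits:
            alerts.append((i, hits))
    return alerts
```

Scores stay small for the normal scrape, while the burst scrapes are flagged with the metrics that caused the alert, which is the explanation an operator needs before acting.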
This topic is part of the NEXUS project, in which Pedro Nunes Institute (IPN) is a consortium member.
________
(1) https://www.kdd.org/kdd-cup/view/kdd-cup-1999/Data
(2) https://research.unsw.edu.au/projects/adfa-ids-datasets
(3) https://github.com/numenta/NAB
(4) https://github.com/GuansongPang/ADRepository-Anomaly-detection-datasets
(5) https://github.com/rob-med/awesome-TS-anomaly-detection
(6) Guansong Pang, Chunhua Shen, Longbing Cao, and Anton Van Den Hengel. 2021. Deep Learning for Anomaly Detection: A Review. ACM Comput. Surv. 54, 2, Article 38 (March 2022), 38 pages. https://doi.org/10.1145/3439950
Objective
The primary objective of this thesis is to design and develop an AI-based intrusion detection mechanism that leverages container deployment metrics, context awareness, and service state analysis for real-time detection of intrusions in container-based environments. The activities of this master's thesis include the following objectives:
• Review and analyse existing intrusion detection mechanisms and AI-based techniques in cloud-native environments considering the following three vectors:
1. Explore the usage of container deployment metrics, including resource usage, network traffic, and behaviour patterns, for detecting anomalies and potential intrusions.
2. Investigate context-awareness techniques to enhance intrusion detection by considering environmental factors, user behaviour, and system interactions.
3. Incorporate service state analysis, including system logs, process monitoring, and configuration integrity, to improve the accuracy and reliability of intrusion detection.
• Design and implement an AI-based intrusion detection system that considers at least one of the following vectors: deployment metrics, context awareness, and service state analysis.
• Evaluate the performance, effectiveness, and efficiency of the developed system using realistic cloud-native environments and representative attack scenarios (this can be achieved in project pilots and demonstration setups associated with the project).
• Provide recommendations and guidelines for deploying and integrating the proposed intrusion detection mechanism in cloud-native environments such as Kubernetes or Docker.
By the end of this research, the student is expected to develop an AI-based intrusion detection mechanism that effectively detects and mitigates intrusions in cloud-native environments (one can be chosen at the beginning of the internship). This solution should leverage either container deployment metrics, context awareness, or device state analysis to enhance security without relying heavily on training data. The research outcomes will contribute to the field of intrusion detection in cloud-native environments and provide valuable insights for organizations seeking advanced security solutions.
Work Plan - Semester 1
[Weeks 1-4] - Literature review on intrusion detection mechanisms, AI techniques in cloud-native environments, and relevant container deployment metrics.
[Weeks 5-8] - Research and analyse context-awareness techniques for enhancing intrusion detection and device state analysis methods.
[Weeks 9-12] - Design and architecture of the AI-based intrusion detection system incorporating container deployment metrics, context awareness, and device state analysis.
[Weeks 13-15] - Implement and evaluate initial prototypes of the intrusion detection system using test environments and simulated attack scenarios.
[Weeks 16-20] - Prepare first intermediate report.
Work Plan - Semester 2
[Weeks 1-6] - Refine and enhance the intrusion detection system based on the evaluation results of the first prototypes.
[Weeks 7-10] - Perform comprehensive experiments and evaluations using cloud-native environments and diverse attack scenarios (at least 3 distinct attack scenarios should be considered).
[Weeks 11-15] - Analyse the experimental results, compare against existing intrusion detection mechanisms, and fine-tune the system based on performance and effectiveness metrics.
[Weeks 16-20] - Finalize the master's thesis report, submission of the document and preparation for the final thesis defence.
Conditions
The workplace will be at the Instituto Pedro Nunes (IPN) Computer and Systems Laboratory.
Remunerated internship according to the IPN's scholarship regulations approved by FCT.
Remarks
During the application phase, any questions about this proposal, namely regarding its objectives and conditions, must be clarified with the supervisors, by email or in a meeting to be scheduled after contacting them by email.
Supervisor
Paulo Miguel Guimarães da Silva
pmgsilva@ipn.pt