Semantics-Based Anomaly Detection of Processes in Linux Containers

With the development of the cloud computing, Linux containers are playing an important role in industrial use, however, the containers are suffering more and more cyber-attacks. A novel semantics-based anomaly detection approach of processes in Linux containers is presented and implemented in this paper, which extracts the features of processes by using the system calls produced by container behaviors, finds the relations between the processes, and builds the features tree of the processes. Experiments show that the approach we proposed can identify the abnormal processes effectively in Linux containers.