A Security Isolation System Based on Docker Container Behavior Analysis
WANG Jie, JU Hanji, DU Yue, WANG Yufan, CUI Wenwu
Abstract:
Smart grid information platforms now mostly use containers for the miniaturized deployment of power services. However, containers interact frequently with the outside world and are fragile in performance; they are easily paralyzed and easily become targets of attack and hijacking, which seriously affects the secure operation of the information platform. This paper therefore proposes a security isolation system based on Docker container behavior analysis, designs the system architecture and its sub-modules, and focuses on two key technologies: container behavior information collection and container behavior anomaly detection. The system records Docker container behavior, analyzes the recorded data in real time using artificial intelligence techniques, discovers anomalies and identifies attacks in advance, and handles security threats according to predefined rules and policies, providing all-round protection for the secure operation of smart grid information platforms.
Keywords:
Docker container behavior analysis; security isolation mechanism; anomaly detection
DOI: 10.19585/j.zjdl.202205014