CN118171269A - DevOps container threat detection method and system based on a generative adversarial network

Publication number
CN118171269A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202410266029.8A
Other languages
Chinese (zh)
Inventor
李圣伟
李彬
贾荫鹏
魏子重
李锐
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shandong Inspur Science Research Institute Co Ltd
Original Assignee
Shandong Inspur Science Research Institute Co Ltd
Application filed by Shandong Inspur Science Research Institute Co Ltd
Priority to CN202410266029.8A
Publication of CN118171269A

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention provides a method and a system for detecting threats in DevOps containers based on a generative adversarial network (GAN), belonging to the technical field of computer security. The method comprises: obtaining information sources in the container and extracting from them the features used for threat detection; constructing a generative adversarial network, taking the extracted features as input, selecting an activation function to configure the generator network, and alternately training the generator and the discriminator; monitoring the behavior of the container in real time and collecting real-time information about the container; and inputting the real-time container information into the trained generative adversarial network to detect abnormal behaviors or threats. Abnormal behaviors and threats in the container can thus be monitored and detected in real time, improving the security of the container environment. The adaptive, adversarial training of the system enables it to accommodate new threats and changing container environments, providing efficient threat detection and automated response. The technical innovation has wide application prospects in the field of container security.

Description

DevOps container threat detection method and system based on a generative adversarial network
Technical Field
The invention belongs to the field of computer security, and particularly relates to a method and a system for detecting threats in DevOps containers based on a generative adversarial network.
Background
In DevOps environments, container technology has become a widely used approach, but container environments are also exposed to security vulnerabilities and threats. Conventional security detection methods are often inadequate for addressing new threats in containers. Accordingly, there is a need for a new method and system that can monitor and detect threats in a container in real time to improve the security of the container environment.
Disclosure of Invention
To address the problems in the prior art, the invention provides a method and a system for detecting threats in DevOps containers based on a generative adversarial network (GAN), which aim to detect security vulnerabilities and threats in the container in real time by using GAN technology. The system comprises a generator and a discriminator, and improves the security of the container environment by monitoring and detecting abnormal behaviors and threats in the container in real time through adversarial learning.
In order to achieve the above purpose, the application adopts the following technical scheme:
In a first aspect, the present invention provides a DevOps container threat detection method based on a generative adversarial network, comprising:
acquiring information sources in a container, and extracting from the information sources the features used for threat detection;
constructing a generative adversarial network, taking the extracted features as input, selecting an activation function to configure the generator network, and alternately training the generator and the discriminator;
monitoring the behavior of the container in real time, and collecting real-time information about the container;
inputting the real-time container information into the trained generative adversarial network, and detecting abnormal behaviors or threats.
Further, acquiring the information sources in the container includes collecting system file information, process information, network activity and similar content.
Further, extracting the features used for threat detection from the information sources includes:
File feature extraction: traversing the file system in the container to obtain file metadata, such as file name, path, size, creation time and modification time;
Process feature extraction: obtaining the list of processes running in the container through the container runtime interface, and recording the process ID, parent process ID, command line parameters and execution path of each process;
Network activity feature extraction: capturing the container's network packets with a network packet capture tool, and extracting the source IP address, destination IP address, source port, destination port and protocol type;
System call feature extraction: tracing the system calls of processes in the container with a system call monitoring tool, and recording the system call sequence executed by each process, including call number, parameters and return value;
Other feature extraction: other container-related features, such as environment variables, configuration files and log files, may also be extracted according to particular needs.
Further, constructing the generative adversarial network model includes preparing a data set, selecting suitable activation functions, loss functions and optimization algorithms, alternately training the generator and the discriminator, and adjusting hyperparameters to optimize model performance.
Further, in the real-time container behavior detection, the system starts to monitor the behavior in the container in real time after the generator and the discriminator of the generative adversarial network have been constructed; this includes container activities such as file access, system calls, network traffic, etc.; by monitoring these behaviors, abnormal behaviors and threats in the container are captured.
Further, the real-time container behavior detection: after the generator and the discriminator of the generative adversarial network have been constructed, the system begins monitoring the behavior within the container in real time, including file access, system calls, and network traffic.
Further, the anomaly detection and threat identification: by monitoring container behavior in real time and combining it with data from security intelligence sources, the system performs anomaly detection and threat identification.
In a second aspect, the present invention provides a DevOps container threat detection system based on a generative adversarial network, comprising:
a data acquisition module configured to: acquire information sources in a container, and extract from the information sources the features used for threat detection;
a generative adversarial network module configured to: construct a generative adversarial network, take the extracted features as input, select an activation function to configure the generator network, and alternately train the generator and the discriminator;
a monitoring module configured to: monitor the behavior of the container in real time, and collect real-time information about the container;
a response and early-warning module configured to: input the real-time container information into the trained generative adversarial network, and detect abnormal behaviors or threats.
In a third aspect, the present invention provides a computer readable storage medium, wherein the computer readable storage medium includes a stored program, and when the program runs, the device in which the computer readable storage medium resides is controlled to execute the DevOps container threat detection method based on a generative adversarial network according to the first aspect.
In a fourth aspect, the present invention provides an electronic device comprising a memory for storing computer program instructions and a processor for executing the program instructions, wherein the computer program instructions, when executed by the processor, trigger the electronic device to perform the DevOps container threat detection method based on a generative adversarial network as described in the first aspect.
Compared with the prior art, the invention has the advantages and positive effects that:
The method and the system for detecting threats in DevOps containers based on a generative adversarial network can monitor and detect abnormal behaviors and threats in the container in real time, and improve the security of the container environment. The adaptive, adversarial training of the system enables it to accommodate new threats and changing container environments, providing efficient threat detection and automated response. The technical innovation has wide application prospects in the field of container security.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions of the prior art, the drawings that are needed in the embodiments or the description of the prior art will be briefly described below, it will be obvious that the drawings in the following description are some embodiments of the present invention, and that other drawings can be obtained according to these drawings without inventive effort to a person skilled in the art.
FIG. 1 is a flow chart of the DevOps container threat detection method based on a generative adversarial network of the present invention;
FIG. 2 is a block diagram of the generative adversarial network of the present invention.
Detailed Description
In order that the above objects, features and advantages of the application will be more clearly understood, a further description of the application will be rendered by reference to the appended drawings and examples. It should be noted that, without conflict, the embodiments of the present application and features in the embodiments may be combined with each other.
In the following description, numerous specific details are set forth in order to provide a thorough understanding of the present invention, but the present invention may be practiced otherwise than as described herein, and therefore the present invention is not limited to the specific embodiments of the disclosure that follow.
Embodiment 1, as shown in FIG. 1 and FIG. 2, the present application provides a DevOps container threat detection method based on a generative adversarial network, including:
acquiring information sources in a container, and extracting from the information sources the features used for threat detection;
constructing a generative adversarial network, taking the extracted features as input, selecting an activation function to configure the generator network, and alternately training the generator and the discriminator;
monitoring the behavior of the container in real time, and collecting real-time information about the container;
inputting the real-time container information into the trained generative adversarial network, and detecting abnormal behaviors or threats.
The specific implementation method of the invention comprises the following steps:
Step1: first, features are extracted from the various information sources within the container, such as files, processes, network activities, etc.
Step2: then build a generative adversarial network (GAN):
A data set is collected and prepared for training. This comprises the real data necessary for training the GAN, as well as random noise data for generator initialization.
Appropriate activation functions (ReLU/Softmax, etc.), loss functions (adversarial loss/regularization loss, etc.), and optimization algorithms (Adam/SGD, etc.) are selected to configure the generator network. For example, in one embodiment, the generator and discriminator are trained by minimizing the adversarial loss function. The following are the steps for creating the generative adversarial model:
The network structures of the generator and the discriminator are defined.
The input to the generator is random noise z, and samples G(z) are generated by the generator network.
The inputs to the discriminator are the real sample x and the generated sample G(z), and the discriminator network outputs the corresponding probabilities D(x) and D(G(z)).
Calculating the loss function of the generator:
The generator wants the samples it generates to be mistaken by the discriminator for real samples, so the loss function of the generator is:
$$\mathrm{loss\_generator} = -\frac{1}{N}\sum_{i=1}^{N}\log D(G(z_i))$$
Calculating the loss function of the discriminator:
The discriminator is expected to correctly distinguish between real samples and generated samples, so the loss function of the discriminator is:
$$\mathrm{loss\_discriminator} = -\frac{1}{N}\sum_{i=1}^{N}\Big[\log D(x_i) + \log\big(1 - D(G(z_i))\big)\Big]$$
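Optimizing the parameters of the generator and the discriminator:
The parameters of the generator and the discriminator are updated separately using the Adam optimization algorithm:
For the generator:
$$\theta_{\mathrm{generator},\,t+1} = \theta_{\mathrm{generator},\,t} - \frac{\eta}{\sqrt{\hat{v}_t} + \epsilon}\,\hat{m}_{t,\,\mathrm{generator}}$$
For the discriminator:
$$\theta_{\mathrm{discriminator},\,t+1} = \theta_{\mathrm{discriminator},\,t} - \frac{\eta}{\sqrt{\hat{v}_t} + \epsilon}\,\hat{m}_{t,\,\mathrm{discriminator}}$$
Here $\theta_{\mathrm{generator},\,t}$ and $\theta_{\mathrm{discriminator},\,t}$ are the current parameter values of the generator and the discriminator, respectively, and $\theta_{\mathrm{generator},\,t+1}$ and $\theta_{\mathrm{discriminator},\,t+1}$ are the updated parameter values; $\eta$ is the learning rate, $\hat{m}_t$ and $\hat{v}_t$ are Adam's bias-corrected first- and second-moment estimates of the gradient, and $\epsilon$ is a small constant for numerical stability.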
Through the above steps, the generative adversarial model can be trained. During training, the generator and the discriminator compete with each other: the generator attempts to generate realistic samples to fool the discriminator, and the discriminator attempts to distinguish between the real samples and the generated samples. As training progresses, the performance of the generator and discriminator gradually improves, and the generated samples become more and more realistic.
Hyperparameters of the generator and the discriminator, such as learning rate, neural network structure, batch size, etc., are adjusted. For example, in one embodiment, the learning rate of the generator and the discriminator is 0.0002, the batch size is 64, and the epsilon value of the optimization algorithm is 1e-8. The performance of the GAN is optimized by continuously adjusting these parameters.
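The two loss functions, the Adam update and the alternating training loop described above, written out as an added example (not code from the patent). The affine generator, the logistic discriminator, the Adam beta values, the function names and the constructed two-feature baseline are assumptions chosen to keep the sketch dependency-free.

```python
import math
import random

LR, BATCH, EPS = 0.0002, 64, 1e-8   # values quoted in the embodiment above
BETA1, BETA2 = 0.9, 0.999           # assumption: usual Adam defaults, not given on the page

def sigmoid(s):
    return 1.0 / (1.0 + math.exp(-s))

def generator_loss(d_fake):
    """loss_generator = -1/N * sum(log D(G(z)))."""
    return -sum(math.log(p) for p in d_fake) / len(d_fake)

def discriminator_loss(d_real, d_fake):
    """loss_discriminator = -1/N * sum(log D(x) + log(1 - D(G(z))))."""
    pairs = zip(d_real, d_fake)
    return -sum(math.log(r) + math.log(1.0 - f) for r, f in pairs) / len(d_real)

class Adam:
    """theta_{t+1} = theta_t - eta * m_hat_t / (sqrt(v_hat_t) + epsilon)."""
    def __init__(self, size):
        self.m, self.v, self.t = [0.0] * size, [0.0] * size, 0

    def step(self, theta, grad):
        self.t += 1
        new = []
        for i, (p, g) in enumerate(zip(theta, grad)):
            self.m[i] = BETA1 * self.m[i] + (1 - BETA1) * g
            self.v[i] = BETA2 * self.v[i] + (1 - BETA2) * g * g
            m_hat = self.m[i] / (1 - BETA1 ** self.t)   # bias-corrected first moment
            v_hat = self.v[i] / (1 - BETA2 ** self.t)   # bias-corrected second moment
            new.append(p - LR * m_hat / (math.sqrt(v_hat) + EPS))
        return new

def generate(theta_g, z):
    """Toy generator G(z) = a * z + b per feature; theta_g = [a_1..a_k, b_1..b_k]."""
    k = len(z)
    return [theta_g[j] * z[j] + theta_g[k + j] for j in range(k)]

def discriminate(theta_d, x):
    """Toy discriminator D(x) = sigmoid(w . x + c); theta_d = [w_1..w_k, c]."""
    return sigmoid(sum(w * v for w, v in zip(theta_d, x)) + theta_d[-1])

def constructed_baseline(n=512, seed=1):
    """Constructed 'normal container' vectors with two features; not measured data."""
    rng = random.Random(seed)
    return [[rng.gauss(0.7, 0.05), rng.gauss(0.2, 0.05)] for _ in range(n)]

def train(real_data, steps, seed=0):
    """Alternate one discriminator update and one generator update per step."""
    rng = random.Random(seed)
    k = len(real_data[0])
    theta_g = [0.1] * k + [0.0] * k
    theta_d = [0.0] * (k + 1)
    opt_g, opt_d = Adam(2 * k), Adam(k + 1)
    history = []
    for _ in range(steps):
        xs = [rng.choice(real_data) for _ in range(BATCH)]
        zs = [[rng.gauss(0, 1) for _ in range(k)] for _ in range(BATCH)]
        gs = [generate(theta_g, z) for z in zs]
        # Discriminator update: gradient of loss_discriminator w.r.t. w and c.
        d_real = [discriminate(theta_d, x) for x in xs]
        d_fake = [discriminate(theta_d, g) for g in gs]
        grad_d = [0.0] * (k + 1)
        for x, g, dr, df in zip(xs, gs, d_real, d_fake):
            for j in range(k):
                grad_d[j] += (-(1 - dr) * x[j] + df * g[j]) / BATCH
            grad_d[k] += (-(1 - dr) + df) / BATCH
        loss_d = discriminator_loss(d_real, d_fake)
        theta_d = opt_d.step(theta_d, grad_d)
        # Generator update: feedback from the freshly updated discriminator.
        d_fake = [discriminate(theta_d, g) for g in gs]
        grad_g = [0.0] * (2 * k)
        for z, df in zip(zs, d_fake):
            for j in range(k):
                upstream = -(1 - df) * theta_d[j] / BATCH   # d loss_generator / d G_j
                grad_g[j] += upstream * z[j]
                grad_g[k + j] += upstream
        history.append((loss_d, generator_loss(d_fake)))
        theta_g = opt_g.step(theta_g, grad_g)
    return theta_g, theta_d, history

def anomaly_score(theta_d, x):
    """1 - D(x): higher means the discriminator finds x less like the training data."""
    return 1.0 - discriminate(theta_d, x)
```

At GAN equilibrium the discriminator output tends toward 0.5 for samples that resemble the training data, so an alert threshold on `anomaly_score` has to be calibrated on held-out benign container data rather than fixed in advance.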
Step3: real-time container behavior monitoring. After the generator and the discriminator of the generative adversarial network have been constructed, the system starts to monitor the behavior in the container in real time. This includes container activities such as file access, system calls, network traffic, etc. At the same time, data from security intelligence sources is integrated to learn about the current threat situation. Threat intelligence and container monitoring results are combined to improve detection accuracy. Finally, a vulnerability database containing vulnerability information for container base images and components is maintained and updated regularly to ensure detection accuracy. When abnormal information is found, the system may automatically trigger response operations, such as quarantining the container, suspending the container process, notifying a security administrator, etc., to mitigate potential threats.
Step4: automated response and alarms. Once the discriminator detects abnormal behavior or threats, the system may automatically trigger response operations such as quarantining containers, halting container processes, notifying security administrators, etc., to mitigate potential threats.
Embodiment 2, the present invention provides a DevOps container threat detection system based on a generative adversarial network, comprising:
a data acquisition module configured to: acquire information sources in a container, and extract from the information sources the features used for threat detection;
a generative adversarial network module configured to: construct a generative adversarial network, take the extracted features as input, select an activation function to configure the generator network, and alternately train the generator and the discriminator;
a monitoring module configured to: monitor the behavior of the container in real time, and collect real-time information about the container;
a response and early-warning module configured to: input the real-time container information into the trained generative adversarial network, and detect abnormal behaviors or threats.
Data acquisition module: various information within the container needs to be collected and prepared so that it can be converted into features usable for threat detection. Such information may include files, processes, network activities, system calls, etc. within the container.
Generative adversarial network module: first, features are extracted from the collected data, for example, for files, the size, permissions, hash values and the like; then a generative adversarial network is constructed, taking the extracted features as input, a suitable activation function is selected to configure the generator network so that it tries to generate data similar to real data, and the generator and the discriminator are trained alternately until the data generated by the generator is close to the real data; finally, hyperparameters of the generator and the discriminator, such as learning rate, neural network structure, batch size, etc., are adjusted to optimize the performance of the GAN.
Monitoring module: behavior within the container is monitored in real time, including container activities such as file access, system calls, network traffic, and the like. At the same time, data from security intelligence sources is integrated to learn about the current threat situation.
Automatic response and early-warning module: when the discriminator detects abnormal behavior or a threat, the system may automatically trigger a response operation, such as quarantining the container, aborting the container process, notifying a security administrator, etc., to mitigate the potential threat.
Referring to FIG. 1, the specific steps of the present invention are described in detail below:
Step one, data acquisition: system file information, process information, network activity and similar content are collected, and features are then extracted from them, as follows:
File feature extraction: the file system in the container is traversed to obtain file metadata, such as file name, path, size, creation time, modification time and the like. The hash value of each file may be calculated using a file hash algorithm so that file integrity can be compared later.
Process feature extraction: the list of processes running within the container is obtained through a container runtime interface (e.g., the Docker API). For each process, its process ID (PID), parent process ID (PPID), command line parameters, execution path and similar information are recorded. More detailed process information, such as CPU, memory and network resource usage, may be obtained using a process monitoring tool (e.g., psutil).
Network activity feature extraction: the network traffic in the container is monitored and the container's network connections to external hosts are recorded. Network packet capture tools (e.g., tcpdump) may be used to capture the container's network packets and extract the source IP address, destination IP address, source port, destination port, protocol type, etc. The packet content may be further parsed according to protocol type (e.g., HTTP, SSH, FTP, etc.).
System call feature extraction: the system calls of processes within the container are traced by a system call monitoring tool (e.g., strace). The system call sequence executed by each process is recorded, including call number, parameters, return value and the like. The behavior of the container may be analyzed according to the type of system call (e.g., file operations, network operations, process management, etc.).
Other feature extraction: other container-related features, such as environment variables, configuration files, log files, etc., may also be extracted according to specific needs. Such information provides context about the container's operating environment that may be helpful in detecting abnormal behavior and threats.
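A sketch of the file and system call feature extraction from step one, as an added example that is not part of the patent. The trace lines are constructed in the style of strace output, and the function names, the category sets and the choice of output features are assumptions made for illustration.

```python
import hashlib
import os
import re
import stat
from collections import Counter

# Constructed sample in the style of `strace -f` output; not captured from a real container.
SAMPLE_TRACE = '''\
[pid  4121] openat(AT_FDCWD, "/app/config.yaml", O_RDONLY|O_CLOEXEC) = 3
[pid  4121] read(3, "port: 8080\\n", 4096) = 11
[pid  4121] close(3) = 0
[pid  4121] socket(AF_INET, SOCK_STREAM|SOCK_CLOEXEC, IPPROTO_TCP) = 4
[pid  4121] connect(4, {sa_family=AF_INET, sin_port=htons(443), sin_addr=inet_addr("203.0.113.10")}, 16) = -1 ECONNREFUSED (Connection refused)
[pid  4121] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|SIGCHLD) = 4122
[pid  4122] execve("/bin/sh", ["sh", "-c", "id"], 0x7ffc2b1d3a10 /* 9 vars */) = 0
[pid  4122] openat(AT_FDCWD, "/etc/shadow", O_RDONLY) = -1 EACCES (Permission denied)
[pid  4122] +++ exited with 0 +++
'''

LINE_RE = re.compile(
    r'^(?:\[pid\s+(?P<pid>\d+)\]\s+)?'
    r'(?P<name>\w+)\((?P<args>.*)\)\s+=\s+'
    r'(?P<ret>-?\d+|0x[0-9a-f]+|\?)'
    r'(?:\s+(?P<errno>[A-Z0-9_]+)\s+\(.*\))?\s*$'
)

# Assumed grouping by call name, following the three types named in the text.
# read/write on a socket fd would be counted as file operations by this simplification.
CATEGORIES = {
    "file": {"open", "openat", "read", "write", "close", "unlink", "rename", "chmod"},
    "network": {"socket", "connect", "bind", "listen", "accept", "sendto", "recvfrom"},
    "process": {"execve", "clone", "fork", "vfork", "kill", "ptrace", "wait4"},
}

def file_features(root):
    """Walk root and return metadata plus a SHA-256 digest for every regular file."""
    rows = []
    for dirpath, _dirs, names in os.walk(root):
        for name in sorted(names):
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue  # skip symlinks, FIFOs and device nodes instead of reading them
            digest = hashlib.sha256()
            with open(path, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    digest.update(chunk)
            rows.append({
                "name": name,
                "path": os.path.relpath(path, root),
                "size": st.st_size,
                "mode": stat.S_IMODE(st.st_mode),
                "ctime": st.st_ctime,  # inode change time on Linux, not a true creation time
                "mtime": st.st_mtime,
                "sha256": digest.hexdigest(),
            })
    return rows

def parse_trace(text):
    """Return one dict per system call line; exit and signal lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ret = m.group("ret")
        events.append({
            "pid": int(m.group("pid")) if m.group("pid") else None,
            "name": m.group("name"),
            "args": m.group("args"),
            "ret": None if ret == "?" else int(ret, 0),
            "errno": m.group("errno"),
        })
    return events

def syscall_features(events):
    """Share of file/network/process calls, failure ratio and number of execve calls."""
    total = len(events) or 1
    counts = Counter()
    for e in events:
        cat = next((c for c, names in CATEGORIES.items() if e["name"] in names), "other")
        counts[cat] += 1
    return {
        "file_ratio": counts["file"] / total,
        "network_ratio": counts["network"] / total,
        "process_ratio": counts["process"] / total,
        "failure_ratio": sum(1 for e in events if e["errno"]) / total,
        "exec_count": sum(1 for e in events if e["name"] == "execve"),
    }
```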
Step two, establishing the generative adversarial model: as shown in FIG. 2, a specific embodiment of constructing the generative adversarial network model includes preparing a data set, selecting appropriate activation functions, loss functions and optimization algorithms, alternately training the generator and the discriminator, and adjusting hyperparameters to optimize model performance. The goal of these steps is to enable the generator to generate data that is similar to real data, thereby enabling real-time detection of security vulnerabilities and threats within the container.
Collecting and preparing a data set for training: it is first necessary to collect and prepare the real data set for training, which should contain the features of the various information sources within the container extracted in the previous step, such as files, processes, network activities, etc. At the same time, a random noise data set for generator initialization needs to be prepared.
Selecting appropriate activation functions, loss functions and optimization algorithms: in building the generator network, it is necessary to select appropriate activation functions (e.g., ReLU, Softmax, etc.), loss functions (e.g., adversarial loss, regularization loss, etc.), and optimization algorithms (e.g., Adam, SGD, etc.). These choices help configure a generator network that can accept random noise data as input and attempt to generate data similar to real data.
Alternating training: during the training process, the generator and the discriminator must be trained alternately. First the discriminator is trained, using real data and data generated by the generator, to improve its classification performance. Then the generator is trained: using the data it generates, its weights are updated through the feedback of the discriminator so that it generates more realistic data. These two steps alternate iteratively until the data generated by the generator is sufficiently close to the real data.
Adjusting hyperparameters: in building the GAN model, the hyperparameters of the generator and the discriminator, such as learning rate, neural network structure, batch size, etc., need to be adjusted to optimize the performance of the GAN. By continuously adjusting these hyperparameters, the training effect of the model and the quality of the generated data can be improved.
Step three, real-time container behavior detection: after the generator and the discriminator of the generative adversarial network (GAN) have been constructed, the system begins to monitor the behavior within the container in real time. This includes container activities such as file access, system calls, network traffic, etc. By monitoring these behaviors, abnormal behaviors and threats in the container can be captured.
At the same time, the system integrates data from security intelligence sources to learn about the current threat situation. These security intelligence sources may include public vulnerability databases, hacker forums and malware samples; by combining threat intelligence with container monitoring results, the accuracy of the detection can be improved.
In addition, the system maintains a vulnerability database comprising vulnerability information for the container base images and components; the vulnerability information may come from public vulnerability databases or be collected and collated in-house. The vulnerability database is updated periodically to ensure the accuracy of the detection.
Anomaly detection and threat identification: by monitoring container behavior in real time and combining it with data from security intelligence sources, the system can perform anomaly detection and threat identification; for example, if the container's file access pattern does not match normal behavior, or the container's network traffic matches known malicious behavior, the system will identify these abnormal behaviors and flag them as potential threats.
Step four, automatic response and alarm: once the discriminator detects an abnormal behavior or threat, the system may automatically trigger a response operation. For example, the container may be quarantined, the container process suspended, a security administrator notified, and the like. At the same time, the system may also generate an alert so that the security team can take timely action to deal with the threat.
The method and the system for detecting threats in DevOps containers based on a generative adversarial network can monitor and detect abnormal behaviors and threats in the container in real time, and improve the security of the container environment. The adaptive, adversarial training of the system enables it to accommodate new threats and changing container environments, providing efficient threat detection and automated response; the technical innovation has wide application prospects in the field of container security.
Embodiment 3, a computer readable storage medium, the computer readable storage medium including a stored program, wherein the program when run controls a device in which the computer readable storage medium resides to perform the method of embodiment 1.
Embodiment 4 the invention provides an electronic device comprising a memory for storing computer program instructions and a processor for executing the program instructions, wherein the computer program instructions, when executed by the processor, trigger the electronic device to perform the method of embodiment 1.
The electronic device may include: a processor, a memory and a communication unit. The components may communicate via one or more buses, and those skilled in the art will appreciate that the structure of the electronic device is not limiting of embodiments of the invention, as it may be a bus-like structure, a star-like structure, or a combination of certain components, or a different arrangement of components.
The communication unit is used for establishing a communication channel so that the electronic device can communicate with other devices, receiving user data sent by other devices or sending user data to other devices.
The processor, which is the control center of the electronic device, connects the various parts of the entire electronic device using various interfaces and lines, and performs the functions of the electronic device and/or processes data by running or executing software programs and/or modules stored in the memory and invoking data stored in the memory. The processor may be composed of integrated circuits (ICs), such as a single packaged IC, or of multiple connected packaged ICs with identical or different functions. For example, the processor may include only a central processing unit (CPU). In the embodiment of the invention, the CPU can be a single computing core or can comprise multiple computing cores.
The memory, for storing processor-executable instructions, may be implemented by any type of volatile or non-volatile memory device or combination thereof, such as Static Random Access Memory (SRAM), electrically erasable programmable read-only memory (EEPROM), erasable programmable read-only memory (EPROM), programmable read-only memory (PROM), read-only memory (ROM), magnetic memory, flash memory, magnetic disk, or optical disk.
The instructions in the memory, when executed by the processor, enable the electronic device to perform some or all of the steps of embodiment 1.
The present invention is not limited to the above-mentioned embodiments, and any equivalent embodiments which can be changed or modified by the technical content disclosed above can be applied to other fields, but any simple modification, equivalent changes and modification made to the above-mentioned embodiments according to the technical substance of the present invention will still fall within the protection scope of the technical solution of the present invention.

Claims (10)

1. The method for detecting the threat of the DevOps container based on the generation of the countermeasure network is characterized by comprising the following steps of
Acquiring an information source in a container, and extracting characteristics for detecting threats from the information source;
Constructing an countermeasure generation network, taking the extracted characteristics as input, selecting an activation function to configure a generator network, and alternately training a generator and a discriminator;
detecting the behavior of a container in real time, and collecting real-time information of the container;
inputting real-time information of the container into a trained countermeasure production network, and detecting abnormal behaviors or threats.
2. The method for detecting threat of DevOps container based on generating an countermeasure network according to claim 1, wherein the acquiring the information source in the container includes collecting content of system file information, process information, network activities, etc.
3. The DevOps container threat detection method based on a generative adversarial network according to claim 1, wherein extracting the features used for detecting threats from the information source comprises:
file feature extraction: traversing the file system in the container to obtain metadata of each file, such as file name, path, size, creation time and modification time;
process feature extraction: acquiring the list of processes running in the container through the container runtime interface, and recording the process ID, parent process ID, command-line parameters and execution path of each process;
network activity feature extraction: capturing the network packets of the container with a packet capture tool, and extracting the source IP address, destination IP address, source port, destination port and protocol type;
system call feature extraction: tracing the system calls of the processes in the container with a system call monitoring tool, and recording the system call sequence executed by each process, including the call number, parameters and return value;
other feature extraction: other container-related features, such as environment variables, configuration files and log files, may also be extracted according to particular needs.
4. The DevOps container threat detection method based on a generative adversarial network according to claim 1, wherein constructing the generative adversarial network model comprises preparing a data set, selecting an appropriate activation function, loss function and optimization algorithm, alternately training the generator and the discriminator, and adjusting the hyperparameters to optimize model performance.
5. The DevOps container threat detection method based on a generative adversarial network according to claim 1, wherein, in the real-time container behavior detection, the system starts to monitor the behavior in the container in real time after the generator and the discriminator of the generative adversarial network have been constructed; the monitored container activities include file access, system calls, network traffic and the like; by monitoring these behaviors, abnormal behaviors and threats in the container are captured.
6. The DevOps container threat detection method based on a generative adversarial network according to claim 1, wherein, in the real-time container behavior detection, after the generator and the discriminator of the generative adversarial network have been constructed, the system begins monitoring the behavior within the container in real time, including file access, system calls and network traffic.
7. The DevOps container threat detection method based on a generative adversarial network according to claim 1, wherein, in the anomaly detection and threat identification, the system performs anomaly detection and threat identification by monitoring container behavior in real time and combining it with security information source data.
8. A DevOps container threat detection system based on a generative adversarial network, comprising:
a data acquisition module configured to: acquire an information source in a container, and extract from the information source the features used for detecting threats;
a generative adversarial network module configured to: construct a generative adversarial network, take the extracted features as input, select an activation function to configure the generator network, and alternately train the generator and the discriminator;
a monitoring module configured to: detect the behavior of the container in real time, and collect real-time information of the container;
a response and early-warning module configured to: input the real-time information of the container into the trained generative adversarial network, and detect abnormal behaviors or threats.
9. A computer-readable storage medium, characterized in that the computer-readable storage medium comprises a stored program, wherein, when the program is run, the device in which the computer-readable storage medium is located is controlled to perform the DevOps container threat detection method based on a generative adversarial network according to any one of claims 1-7.
10. An electronic device comprising a memory for storing computer program instructions and a processor for executing the program instructions, wherein the computer program instructions, when executed by the processor, trigger the electronic device to perform the DevOps container threat detection method based on a generative adversarial network according to any one of claims 1-7.
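The system call feature extraction of claim 3, turned into the fixed-length input vector that claim 1 feeds to the network, as an added example that is not code from the patent. The strace-style line format, the hashed bigram encoding, the failure-ratio feature and all names are assumptions; the claims do not fix an encoding.

```python
import re
import zlib

# Constructed strace-style lines for one container process (not real capture data).
SAMPLE_TRACE = """\
openat(AT_FDCWD, "/etc/passwd", O_RDONLY) = 3
read(3, "root:x:0:0", 4096) = 10
close(3) = 0
socket(AF_INET, SOCK_STREAM, 0) = 4
connect(4, {sa_family=AF_INET, sin_port=htons(4444)}, 16) = -1 ECONNREFUSED (Connection refused)
this line is truncated garbage
"""

# name(args) = return value; args may themselves contain parentheses.
LINE_RE = re.compile(r"^(?P<name>[a-z_0-9]+)\((?P<args>.*)\)\s+=\s+(?P<ret>-?\d+)")

def parse_trace(text):
    """Return (events, skipped). Each event holds the call name, the raw
    argument string and the integer return value listed in claim 3."""
    events, skipped = [], 0
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            skipped += 1  # malformed or truncated line: count it, do not guess
            continue
        events.append({"name": m["name"], "args": m["args"], "ret": int(m["ret"])})
    return events, skipped

def feature_vector(events, buckets=16):
    """Fixed-length vector: hashed syscall-bigram frequencies, then the
    fraction of calls that failed (negative return value)."""
    vec = [0.0] * (buckets + 1)
    names = [e["name"] for e in events]
    bigrams = list(zip(names, names[1:]))
    for a, b in bigrams:
        # crc32 is stable across runs, unlike Python's salted built-in hash()
        vec[zlib.crc32(f"{a}>{b}".encode()) % buckets] += 1.0
    if bigrams:
        vec[:buckets] = [v / len(bigrams) for v in vec[:buckets]]
    if events:
        vec[buckets] = sum(e["ret"] < 0 for e in events) / len(events)
    return vec

if __name__ == "__main__":
    evts, bad = parse_trace(SAMPLE_TRACE)
    print(len(evts), "events,", bad, "skipped:", feature_vector(evts))
```

Tracking the skipped-line count alongside the vector matters in practice: a rising share of unparseable lines means the monitoring tool's output has drifted, and the vectors scored by the trained network no longer describe what the container did.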
CN202410266029.8A 2024-03-08 2024-03-08 DevOps container threat detection method and system based on generation countermeasure network Pending CN118171269A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202410266029.8A CN118171269A (en) 2024-03-08 2024-03-08 DevOps container threat detection method and system based on generation countermeasure network

Publications (1)

Publication Number Publication Date
CN118171269A (en) 2024-06-11

Family

ID=91349655

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202410266029.8A Pending CN118171269A (en) 2024-03-08 2024-03-08 DevOps container threat detection method and system based on generation countermeasure network

Country Status (1)

Country Link
CN (1) CN118171269A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination