Container environment anomaly detection method and device, medium and computer equipment

An anomaly detection and container technology, applied in the field of network security, can solve problems such as high modeling costs and inability to ensure detection accuracy

Pending Publication Date: 2020-10-23
NSFOCUS INFORMATION TECHNOLOGY CO LTD +1
View PDF0 Cites 4 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0005] Aiming at the problems existing in the prior art, the embodiment of the present application provides a method, device, medium and computer equipment for abnormal detection of the container envir

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Container environment anomaly detection method and device, medium and computer equipment
  • Container environment anomaly detection method and device, medium and computer equipment
  • Container environment anomaly detection method and device, medium and computer equipment

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0049] This embodiment provides a method for detecting anomalies in a container environment, such as figure 1 As shown, the methods include:

[0050] S110, for the host nodes in the container cluster, collect historical process data of all business containers in each host node when they are running normally;

[0051]In a distributed system, there are multiple hosts, one host is a node, and multiple containers are deployed on each host node to form a container cluster.

[0052] In order to ensure the processing efficiency of each host node, after the container is created, it is deployed uniformly by the background management module of the distributed system; the background management unit determines the optimal deployment method according to the current resource occupancy rate of each host node . In this way, even different containers created by the same image may be deployed on different host nodes.

[0053] For the host nodes in the container cluster, collect the historica...

Embodiment 2

[0102] This embodiment provides a container environment anomaly detection device, such as Figure 6 As shown, the device includes: an acquisition module 61, an establishment module 62 and an abnormality detection module 63; wherein,

[0103] The acquisition module 61 is used to collect historical process data of all business containers normally running in each host node for the host nodes in the container cluster;

[0104] Establishment module 62 is used for establishing detection model based on the historical process data in each service container corresponding to the image for each image; the image is used to create service containers, each image corresponds to multiple service containers, and each image corresponds to a detection model;

[0105] The anomaly detection module 63 is configured to detect the current process data based on the corresponding detection model when receiving the current process data of each service container, and judge whether the environment of eac...

Embodiment 3

[0154] This embodiment provides a computer device, such as Figure 7 As shown, it includes a memory 70, a processor 71 and a computer program 72 stored on the memory 70 and operable on the processor 71. When the processor 71 executes the computer program 72, the following steps are implemented:

[0155] For the host nodes in the container cluster, obtain the historical process data of all business containers in each host node when they are running normally;

[0156] For each image, a detection model is established based on the historical process data in each of the service containers corresponding to the image; the image is used to create the service container, each of the images corresponds to a plurality of the service containers, and each Each of the mirror images corresponds to one of the detection models;

[0157] When the current process data of each of the service containers is received, the current process data is detected based on the corresponding detection model to...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention provides a container environment anomaly detection method and device, a medium and computer equipment, and the method comprises the steps: obtaining the historical process data of all business containers in each host machine node during normal operation for the host machine nodes in a container cluster; for each mirror image, establishing a detection model based on historical processdata in each service container corresponding to the mirror image; when the current process data of each service container is received, detecting the current process data based on the corresponding detection model, and judging whether the environment of each service container is abnormal or not; according to the method and the device, for each mirror image, the number of the containers created bythe mirror image is multiple, so that the process data is diversified, and the detection precision of the detection model can be ensured; moreover, in the container cluster, the number of the mirror images is far smaller than that of the service containers, so that compared with the mode of modeling each container in the prior art, the mirror images are modeled, and the modeling cost can be greatly reduced.

Description

technical field [0001] The present application belongs to the technical field of network security, and in particular relates to a method, device, medium and computer equipment for container environment anomaly detection. Background technique [0002] Containers are a lightweight, operating system-level virtualization technology that allows applications and their dependencies to be run in a resource-isolated environment. Container technology realizes lightweight resource virtualization and isolation by sharing the host operating system kernel. In recent years, it has been widely used in DevOps, microservices and other fields. [0003] Although container technology is popular and widely used in many fields, the security issues behind it cannot be ignored. Whether the container operation is safe is directly related to whether the internal business of the container can continue to run stably as expected; therefore, how to timely and accurately detect abnormal threats in the con...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
IPC IPC(8): G06F9/455H04L29/06H04L29/08
CPCG06F9/45558G06F2009/45587G06F2009/45591G06F2009/45595H04L63/0218H04L63/1425H04L67/025H04L67/1095H04L67/1097
Inventor 陈磊阮博男刘文懋江国龙浦明
Owner NSFOCUS INFORMATION TECHNOLOGY CO LTD
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap