Buzzanca, Giorgio
(2023)
Cryptomining detection on cloud environments through containerised application profiling and classification.
[Master's degree thesis (Laurea magistrale)], Università di Bologna, Degree Programme in Artificial intelligence [LM-DM270], Full text not available
The full text is not available by choice of the author.
(Contact the author)
Abstract
During my internship at Sysdig, I had the opportunity to work on the task of novelty detection in monitored cloud environments. This study focuses specifically on the last project to which I was assigned: the development of a new feature for Sysdig Secure, the product of Sysdig that provides security monitoring and compliance for containerized applications.

In particular, the objective was to implement a crypto-mining activity detector, which by leveraging low-level data collected by the Image Profiling component, and performing machine learning-based dynamic analysis, would have been able to detect crypto-mining activities in containerized applications with a high degree of accuracy.

This paper is organized as follows.

In the first chapter, I define the problem of crypto-jacking detection, and I present a brief review of the literature on the topic, with a focus both on static analysis approaches and machine-learning techniques.

In the second chapter, I introduce the Sysdig Secure product, and I describe the Image Profiling component, and the pipeline for the collection of low-level data.

In the third chapter, I describe the feature extraction pipelines and the rationale behind the choice of the features based on the analysis of the behavior of xmrig and cpuminer.

In the fourth chapter, I describe the machine-learning models that I have implemented, and I present the results of the experiments that I have carried out.

In the fifth chapter, I expose the study of scalability and roll-out policy I have carried out, the design of the model's training architecture and implementation of machine learning operations, from preprocessing to model storage, and the development of components for production environments and deployment.

In the last chapter, I present the conclusions of my work.
Document type
Degree thesis (Master's degree)
Thesis author
Buzzanca, Giorgio
Thesis supervisor
School
Degree programme
Degree programme regulation
DM270
Keywords
crypto-miners detection, novelty detection, Sysdig, secure, compliance, Kubernetes, machine learning, feature engineering, explainable AI, decision trees, isolation forests, MLOps, microservices, scalability, roll-out policy
Thesis defence date
23 March 2023
URI