The inherent complexity of cloud-native environments like Kubernetes is due to its dynamic and distributed landscape. According to the Kubernetes Security Report 2024, over 67% of organizations have delayed their deployment of containerized applications due to security concerns. Digital twin technology has emerged as a promising field of interest in cybersecurity, as it offers a real-time environment for detecting threats without impacting the live production systems. This paper proposes a novel self-learning cybersecurity framework on a digital twin of a Kubernetes cluster. In this system, a digital twin of a cluster is created and monitored for security misconfigurations. Then, it is introduced to different attack scenarios through a Genetic Algorithm (GA), which drives the evolution of offensive and defense strategies through a tailored fitness function. The most effective defenses are then applied to the twin and its impact is passed to the GA. The risk assessment of the attack success and defense effectiveness, is done using Multi-Layer Perceptron (MLP). Over multiple cycles, the attack strategies keep improving, making the twin refine its defense strategies to ensure the cluster security. Applying on the Kubernetes Goat cluster, the framework was successfully able to identify 91.7% of the attacks simulated.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Self-learning Digital Twin for Kubernetes Security

  • N. S. Devnath,
  • Aayushman Singh,
  • Adarsh Sasikumar,
  • Sriram Sankaran

摘要

The inherent complexity of cloud-native environments like Kubernetes is due to its dynamic and distributed landscape. According to the Kubernetes Security Report 2024, over 67% of organizations have delayed their deployment of containerized applications due to security concerns. Digital twin technology has emerged as a promising field of interest in cybersecurity, as it offers a real-time environment for detecting threats without impacting the live production systems. This paper proposes a novel self-learning cybersecurity framework on a digital twin of a Kubernetes cluster. In this system, a digital twin of a cluster is created and monitored for security misconfigurations. Then, it is introduced to different attack scenarios through a Genetic Algorithm (GA), which drives the evolution of offensive and defense strategies through a tailored fitness function. The most effective defenses are then applied to the twin and its impact is passed to the GA. The risk assessment of the attack success and defense effectiveness, is done using Multi-Layer Perceptron (MLP). Over multiple cycles, the attack strategies keep improving, making the twin refine its defense strategies to ensure the cluster security. Applying on the Kubernetes Goat cluster, the framework was successfully able to identify 91.7% of the attacks simulated.