Recent years have witnessed a rapid increase in the use of the cloud, and especially of container technology, which is convenient in cloud environments because it allows microservices to be deployed quickly and easily. A number of studies have examined the security of this technology since it first came into use. However, ensuring comprehensive security is still a critical need. As containers are a relatively new technology, it is essential to discover their security vulnerabilities by testing them continuously with up-to-date attacks in order to develop effective defense systems.
Today, machine learning-based intrusion detection and prevention systems are an effective option for securing many platforms including containers. The major issue with these approaches is the need for appropriate and comprehensive labelled data sets, which is a common problem in any machine learning-based study.
In this thesis, we describe a novel public container attack data set that we have created for machine learning-based intrusion detection. It focuses on container attacks extracted from the Common Vulnerabilities and Exposures (CVE) platform for the period 2019-2022. The data set comprises attacks on vulnerable container images simulated in the Kubernetes orchestration environment. We believe the data set will be instrumental for advancing intrusion detection research and practice for containers, which will be increasingly widespread in the years to come.