Design And Implementation Of Lightweight Container Security Monitoring Component Based On OpenStack Cloud

The rise of virtualization technology promotes the development of container technology.Services based on lightweight containers are more and more favored by enterprises and researchers.However,the extensive use of lightweight container engines also leads to a series of container security problems.In order to ensure that containers can safely and effectively undertake business on the whole system platform,The demand for monitoring the system environment and the lightweight container engine running on the system environment has become increasingly urgent.At present,the monitoring methods for the system platform and lightweight container engine are complex and diverse,such as ZABBIX,Scout,Data Dog,etc.However,the traditional monitoring methods are not comprehensive for the information monitoring of lightweight containers,which is easy to cause a monitoring black hole and a single application scenario,and can not efficiently monitor the complex system platform with too many microservices and solve the monitoring requirements of the system for containers.In view of the disadvantages of traditional monitoring methods,this paper designs a set of security monitoring components,which is based on container deployment,has strong scalability and occupies very few system resources.Experiments show that in addition to the traditional monitoring function,the component can also effectively monitor the container from malicious attacks such as Denial of Service(DOS)and escape,and can use the prediction algorithm to realize the container early warning function and respond to the alarm information.The main research contents of this paper are as follows:(1)An implementation scheme of lightweight container security monitoring based on OpenStack cloud platform is designed.In the scheme,the sequential database system,container information collection agent,container information display platform,alarm mechanism and persistent database are introduced;Design monitoring index items for container instances running on cloud platform;According to the characteristics of container escape attack and Do S attack,the monitoring method is designed and the security feature library is customized;The prediction of container data is realized based on Prophet prediction algorithm,so as to give early warning to the container in advance;Design the response mode of early warning and alarm based on Flask Framework.(2)Analyze the function of monitoring components.The functional requirements include:batch adding monitoring objects,collecting,monitoring and visual displaying the container data running on the cloud platform,and timely notifying the user or administrator of any abnormality in the container data;Non functional requirements include: security monitoring for large-scale container clusters on the cloud platform and reliable alarm function.(3)According to the functional requirements of monitoring components,six core modules are designed and implemented: monitoring object management module,data acquisition module,data preprocessing module,security analysis module,data processing module and monitoring management module.The security feature library in the security analysis module is further studied and introduced.(4)The functional and performance tests of the monitoring components show that the design scheme can meet the needs of the project.the accuracy of threat prediction can reach 85%,and the technical maturity(TRL)can reach the fourth level.