{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,16]],"date-time":"2026-03-16T10:06:32Z","timestamp":1773655592542,"version":"3.50.1"},"publisher-location":"Cham","reference-count":39,"publisher":"Springer International Publishing","isbn-type":[{"value":"9783030494315","type":"print"},{"value":"9783030494322","type":"electronic"}],"license":[{"start":{"date-parts":[[2020,1,1]],"date-time":"2020-01-01T00:00:00Z","timestamp":1577836800000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2020,1,1]],"date-time":"2020-01-01T00:00:00Z","timestamp":1577836800000},"content-version":"vor","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2020]]},"DOI":"10.1007\/978-3-030-49432-2_4","type":"book-chapter","created":{"date-parts":[[2020,6,3]],"date-time":"2020-06-03T14:47:06Z","timestamp":1591195626000},"page":"66-86","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":4,"title":["Rule-Based Security Monitoring of Containerized Environments"],"prefix":"10.1007","author":[{"given":"Holger","family":"Gantikow","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Christoph","family":"Reich","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Martin","family":"Knahl","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Nathan","family":"Clarke","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2020,6,4]]},"reference":[{"key":"4_CR1","doi-asserted-by":"publisher","unstructured":"Abed, A.S., Clancy, T.C., Levy, D.S.: Applying bag of system calls for anomalous behavior detection of applications in linux containers. 2015 IEEE Globecom Workshops, GC Wkshps 2015 - Proceedings (2015). \nhttps:\/\/doi.org\/10.1109\/GLOCOMW.2015.7414047","DOI":"10.1109\/GLOCOMW.2015.7414047"},{"key":"4_CR2","unstructured":"Alex Borhani: Anomaly Detection, Alerting, and Incident Response for Containers. SANS Institute InfoSec Reading Room (GIAC GCIH Gold Certification) (2017)"},{"key":"4_CR3","doi-asserted-by":"publisher","unstructured":"Arnautov, S., Trach, B., Gregor, F., Knauth, T., Martin, A., Priebe, C., Lind, J., Muthukumaran, D., Stillwell, M.L., Goltzsche, D., Eyers, D., Pietzuch, P., Fetzer, C.: SCONE: Secure Linux Containers with Intel SGX. Osdi pp. 689\u2013704 (2016). \nhttps:\/\/doi.org\/10.5281\/ZENODO.163059","DOI":"10.5281\/ZENODO.163059"},{"key":"4_CR4","doi-asserted-by":"publisher","unstructured":"Chelladhurai, J., Chelliah, P.R., Kumar, S.A.: Securing docker containers from Denial of Service (DoS) attacks. Proceedings - 2016 IEEE International Conference on Services Computing, SCC 2016 pp. 856\u2013859 (2016). \nhttps:\/\/doi.org\/10.1109\/SCC.2016.123","DOI":"10.1109\/SCC.2016.123"},{"key":"4_CR5","unstructured":"Chikvashvili, Y.: Cryptocurrency Miners Abusing Containers: Anatomy of an (Attempted) Attack. [ONLINE] Available at: \nhttps:\/\/blog.aquasec.com\/cryptocurrency-miners-abusing-containers-anatomy-of-an-attempted-attack\n\n (2019), [Accessed 31 July 2019]"},{"issue":"5","key":"4_CR6","doi-asserted-by":"publisher","first-page":"54","DOI":"10.1109\/MCC.2016.100","volume":"3","author":"T Combe","year":"2016","unstructured":"Combe, T., Martin, A., Di Pietro, R.: To Docker or Not to Docker: A Security Perspective. IEEE Cloud Computing 3(5), 54\u201362 (2016). \nhttps:\/\/doi.org\/10.1109\/MCC.2016.100","journal-title":"IEEE Cloud Computing"},{"key":"4_CR7","unstructured":"Containers Organization: Podman. [ONLINE] Available at: \nhttps:\/\/podman.io\/\n\n (2019), [Accessed 31 July 2019]"},{"key":"4_CR8","unstructured":"Docker Inc.: Seccomp security profiles for Docker. [ONLINE] Available at: \nhttps:\/\/docs.docker.com\/engine\/security\/seccomp\/\n\n (2019), [Accessed 31 July 2019]"},{"key":"4_CR9","doi-asserted-by":"publisher","unstructured":"Dymshits, M., Myara, B., Tolpin, D.: Process monitoring on sequences of system call count vectors. Proceedings - International Carnahan Conference on Security Technology 2017-October, 1\u20135 (2017). \nhttps:\/\/doi.org\/10.1109\/CCST.2017.8167792","DOI":"10.1109\/CCST.2017.8167792"},{"key":"4_CR10","doi-asserted-by":"publisher","unstructured":"Felter, W., Ferreira, A., Rajamony, R., Rubio, J.: An updated performance comparison of virtual machines and linux containers. In: 2015 IEEE International Symposium on Performance Analysis of Systems and Software (ISPASS). pp. 171\u2013172 (March 2015). \nhttps:\/\/doi.org\/10.1109\/ISPASS.2015.7095802","DOI":"10.1109\/ISPASS.2015.7095802"},{"key":"4_CR11","unstructured":"Fleming, M.: A thorough introduction to ebpf. [ONLINE] Available at: \nhttps:\/\/lwn.net\/Articles\/740157\/\n\n (2017), [Accessed 14 January 2019]"},{"key":"4_CR12","doi-asserted-by":"publisher","unstructured":"Forrest, S., Hofmeyr, S., Somayaji, A., Longstaff, T.: A sense of self for Unix processes. In: Proceedings 1996 IEEE Symposium on Security and Privacy. pp. 120\u2013128 (1996). \nhttps:\/\/doi.org\/10.1109\/SECPRI.1996.502675\n\n, \nhttp:\/\/ieeexplore.ieee.org\/document\/502675\/","DOI":"10.1109\/SECPRI.1996.502675"},{"key":"4_CR13","doi-asserted-by":"publisher","unstructured":"Gantikow, H., Reich, C., Knahl, M., Clarke, N.: Providing security in container-based HPC runtime environments. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) 9945 LNCS, 685\u2013695 (2016). \nhttps:\/\/doi.org\/10.1007\/978-3-319-46079-6_48","DOI":"10.1007\/978-3-319-46079-6_48"},{"key":"4_CR14","doi-asserted-by":"publisher","unstructured":"Gantikow, H., Reich, C., Knahl, M., Clarke, N.: Rule-based Security Monitoring of Containerized Workloads. In: Proceedings of the 9th International Conference on Cloud Computing and Services Science. pp. 543\u2013550. Heraklion, Crete - Greece (2019). \nhttps:\/\/doi.org\/10.5220\/0007770005430550","DOI":"10.5220\/0007770005430550"},{"key":"4_CR15","doi-asserted-by":"publisher","unstructured":"Gao, X., Gu, Z., Kayaalp, M., Pendarakis, D., Wang, H.: ContainerLeaks: Emerging Security Threats of Information Leakages in Container Clouds. Proceedings - 47th Annual IEEE\/IFIP International Conference on Dependable Systems and Networks, DSN 2017 pp. 237\u2013248 (2017). \nhttps:\/\/doi.org\/10.1109\/DSN.2017.49","DOI":"10.1109\/DSN.2017.49"},{"key":"4_CR16","unstructured":"Jacobsen, D.M., Canon, R.S.: Contain This, Unleashing Docker for HPC. Cray User Group 2015 p. 14 (2015), \nhttps:\/\/www.nersc.gov\/assets\/Uploads\/cug2015udi.pdf"},{"key":"4_CR17","doi-asserted-by":"crossref","unstructured":"Kang, D.k., Fuller, D., Honavar, V.: Learning Classifiers for Misuse Detection Using a Bag of System Calls Representation. Proceedings of the 2005 IEEE Workshop on Information Assurance and Security United States Military Academy, West Point, NY pp. 511\u2013516 (2005)","DOI":"10.1007\/11427995_51"},{"key":"4_CR18","doi-asserted-by":"publisher","unstructured":"Kolosnjaji, B., Zarras, A., Webster, G., Eckert, C.: Deep learning for classification of malware system call sequences. In: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics). vol. 9992 LNAI, pp. 137\u2013149 (2016). \nhttps:\/\/doi.org\/10.1007\/978-3-319-50127-7_11","DOI":"10.1007\/978-3-319-50127-7_11"},{"key":"4_CR19","unstructured":"Kopytov, A.: Sysbench: Scriptable database and system performance benchmark. [ONLINE] Available at: \nhttps:\/\/github.com\/akopytov\/sysbench\n\n (2019), [Accessed 14 January 2019]"},{"key":"4_CR20","doi-asserted-by":"publisher","unstructured":"Koucham, O., Rachidi, T., Assem, N.: Host intrusion detection using system call argument-based clustering combined with Bayesian classification. IntelliSys 2015 - Proceedings of 2015 SAI Intelligent Systems Conference pp. 1010\u20131016 (2015). \nhttps:\/\/doi.org\/10.1109\/IntelliSys.2015.7361267","DOI":"10.1109\/IntelliSys.2015.7361267"},{"key":"4_CR21","doi-asserted-by":"publisher","unstructured":"Kurtzer, G.M., Sochat, V., Bauer, M.W., Favre, T., Capota, M., Chakravarty, M.: Singularity: Scientific containers for mobility of compute. Plos One 12(5), e0177459 (2017). \nhttps:\/\/doi.org\/10.1371\/journal.pone.0177459\n\n, \nhttp:\/\/dx.plos.org\/10.1371\/journal.pone.0177459","DOI":"10.1371\/journal.pone.0177459"},{"key":"4_CR22","doi-asserted-by":"publisher","unstructured":"Lei, L., Sun, J., Sun, K., Shenefiel, C., Ma, R., Wang, Y., Li, Q.: SPEAKER: Split-phase execution of application containers. In: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics). vol. 10327 LNCS, pp. 230\u2013251 (2017). \nhttps:\/\/doi.org\/10.1007\/978-3-319-60876-1_11","DOI":"10.1007\/978-3-319-60876-1_11"},{"key":"4_CR23","doi-asserted-by":"publisher","unstructured":"Lin, X., Lei, L., Wang, Y., Jing, J., Sun, K., Zhou, Q.: A Measurement Study on Linux Container Security. In: 2018 Annual Computer Security Applications Conference (ACSAC \u201918). pp. 418\u2013429. ACM, New York, NY, USA, San Juan, PR, USA (2018). \nhttps:\/\/doi.org\/10.1145\/3274694.3274720","DOI":"10.1145\/3274694.3274720"},{"issue":"4","key":"4_CR24","doi-asserted-by":"publisher","first-page":"381","DOI":"10.1109\/TDSC.2008.69","volume":"7","author":"F Maggi","year":"2010","unstructured":"Maggi, F., Matteucci, M., Zanero, S.: Detecting intrusions through system call sequence and argument analysis. IEEE Transactions on Dependable and Secure Computing 7(4), 381\u2013395 (2010). \nhttps:\/\/doi.org\/10.1109\/TDSC.2008.69","journal-title":"IEEE Transactions on Dependable and Secure Computing"},{"key":"4_CR25","doi-asserted-by":"publisher","unstructured":"Mattetti, M., Shulman-Peleg, A., Allouche, Y., Corradi, A., Dolev, S., Foschini, L.: Securing the infrastructure and the workloads of linux containers. 2015 IEEE Conference on Communications and NetworkSecurity, CNS 2015 (Spc), 559\u2013567 (2015). \nhttps:\/\/doi.org\/10.1109\/CNS.2015.7346869","DOI":"10.1109\/CNS.2015.7346869"},{"key":"4_CR26","doi-asserted-by":"publisher","unstructured":"Nikolai, J.: Hypervisor-based cloud intrusion detection system. 2014 International Conference on Computing, Networking and Communications (ICNC) (2014). \nhttps:\/\/doi.org\/10.1109\/ICCNC.2014.6785472","DOI":"10.1109\/ICCNC.2014.6785472"},{"key":"4_CR27","unstructured":"Open Container Initiative: OCI Image Format Specification vol 1.0.0. Tech. rep. (2017), \nhttps:\/\/github.com\/opencontainers\/image-spec\/releases\/tag\/v1.0.0"},{"key":"4_CR28","unstructured":"Open Container Initiative: OCI Runtime Specification vol 1.0.0. Tech. rep. (2017), \nhttps:\/\/github.com\/opencontainers\/runtime-spec\/releases\/tag\/v1.0.0"},{"key":"4_CR29","unstructured":"OWASP: Owasp webgoat project. [ONLINE] Available at: \nhttps:\/\/www.owasp.org\/index.php\/Category:OWASP_WebGoat_Project\n\n (2018), [Accessed 14 January 2019]"},{"key":"4_CR30","unstructured":"Portworx: 2018 Container Adoption Survey. Tech. rep. (December 2018), \nhttps:\/\/portworx.com\/wp-content\/uploads\/2018\/12\/Portworx-Container-Adoption-Survey-Report-2018.pdf"},{"key":"4_CR31","doi-asserted-by":"publisher","unstructured":"Priedhorsky, R., Randles, T.C., Randles, T.: Charliecloud: Unprivileged containers for user-defined software stacks in HPC. SC17: International Conference for High Performance Computing, Networking, Storage and Analysis 17, p1\u201310 (2017). \nhttps:\/\/doi.org\/10.1145\/3126908.3126925\n\n, \nhttp:\/\/permalink.lanl.gov\/object\/tr?what=info:lanl-repo\/lareport\/LA-UR-16-22370","DOI":"10.1145\/3126908.3126925"},{"key":"4_CR32","doi-asserted-by":"publisher","unstructured":"Souppaya, M., Morello, J., Scarfone, K.: Application container security guide. NIST Special Publication 800-190 (2017). \nhttps:\/\/doi.org\/10.6028\/NIST.SP.800-190\n\n, \nhttps:\/\/nvlpubs.nist.gov\/nistpubs\/SpecialPublications\/NIST.SP.800-190.pdf","DOI":"10.6028\/NIST.SP.800-190"},{"key":"4_CR33","unstructured":"Stoler, N.: How i hacked play-with-docker and remotely ran code on the host. [ONLINE] Available at: \nhttps:\/\/www.cyberark.com\/threat-research-blog\/how-i-hacked-play-with-docker-and-remotely-ran-code-on-the-host\/\n\n (2019), [Accessed 14 January 2019]"},{"key":"4_CR34","unstructured":"Sysdig: Docker Usage Report 2018 - An inside look at shifting container usage trends. (2018), \nhttps:\/\/sysdig.com\/blog\/2018-docker-usage-report\/"},{"key":"4_CR35","unstructured":"Sysdig: Sysdig falco: Behavioral activity monitoring with container support. [ONLINE] Available at: \nhttps:\/\/github.com\/draios\/oss-falco\n\n (2019), [Accessed 14 January 2019]"},{"key":"4_CR36","unstructured":"Sysdig: Sysdig: Linux system exploration and troubleshooting tool with first class support for containers. [ONLINE] Available at: \nhttps:\/\/github.com\/draios\/sysdig\n\n (2019), [Accessed 14 January 2019]"},{"key":"4_CR37","unstructured":"Tripwire: State of Container Security Report. Tech. Rep. January (2019), \nhttps:\/\/www.tripwire.com\/solutions\/devops\/tripwire-dimensional-research-state-of-container-security-report-register\/"},{"key":"4_CR38","unstructured":"Walsh, D.: Container tidbits: Adding capabilities to a container. [ONLINE] Available at: \nhttps:\/\/rhelblog.redhat.com\/2016\/11\/30\/container-tidbits-adding-capabilities-to-a-container\/\n\n (2016), [Accessed 10 January 2019]"},{"key":"4_CR39","unstructured":"Young, E.G., Zhu, P., Caraza-Harter, T., Arpaci-Dusseau, A.C., Arpaci-Dusseau, R.H.: The True Cost of Containing: A gVisor Case Study. In: Proceedings of the 11th USENIX Conference on Hot Topics in Cloud Computing. p. 16. HotCloud\u201919, USENIX Association, Berkeley, CA, USA (2019), \nhttp:\/\/dl.acm.org\/citation.cfm?id=3357034.3357054"}],"container-title":["Communications in Computer and Information Science","Cloud Computing and Services Science"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-49432-2_4","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2020,6,3]],"date-time":"2020-06-03T14:52:49Z","timestamp":1591195969000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-030-49432-2_4"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020]]},"ISBN":["9783030494315","9783030494322"],"references-count":39,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-49432-2_4","relation":{},"ISSN":["1865-0929","1865-0937"],"issn-type":[{"value":"1865-0929","type":"print"},{"value":"1865-0937","type":"electronic"}],"subject":[],"published":{"date-parts":[[2020]]},"assertion":[{"value":"4 June 2020","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"CLOSER","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Cloud Computing and Services Science","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Heraklion","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Greece","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2019","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2 May 2019","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"4 May 2019","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"9","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"closer2019","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"http:\/\/www.closer.scitevents.org\/?y=2019","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Double-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"PRIMORIS","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"102","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"11","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"0","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"11% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"4","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"4","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"No","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}