{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,5,16]],"date-time":"2025-05-16T04:02:24Z","timestamp":1747368144363,"version":"3.40.5"},"publisher-location":"Cham","reference-count":45,"publisher":"Springer Nature Switzerland","isbn-type":[{"value":"9783031928857","type":"print"},{"value":"9783031928864","type":"electronic"}],"license":[{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2025]]},"DOI":"10.1007\/978-3-031-92886-4_11","type":"book-chapter","created":{"date-parts":[[2025,5,15]],"date-time":"2025-05-15T06:13:05Z","timestamp":1747289585000},"page":"155-169","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Identifying and\u00a0Analyzing Vulnerabilities and\u00a0Exploits in\u00a0On-Premises Kubernetes"],"prefix":"10.1007","author":[{"ORCID":"https:\/\/orcid.org\/0009-0007-8333-7192","authenticated-orcid":false,"given":"Sunny","family":"Chowdhury","sequence":"first","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0002-7344-6869","authenticated-orcid":false,"given":"Florian","family":"Freund","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2025,5,16]]},"reference":[{"key":"11_CR1","doi-asserted-by":"publisher","unstructured":"Abad, C., Taylor, J., Sengul, C., Yurcik, W., Zhou, Y., Rowe, K.: Log correlation for intrusion detection: a proof of concept. 
In: Proceedings of the 19th Annual Computer Security Applications Conference, pp. 255\u2013264 (2003). https:\/\/doi.org\/10.1109\/CSAC.2003.1254330","DOI":"10.1109\/CSAC.2003.1254330"},{"key":"11_CR2","doi-asserted-by":"crossref","unstructured":"Almseidin, M., Alzubi, M., Kovacs, S., Alkasassbeh, M.: Evaluation of machine learning algorithms for intrusion detection system. In: 2017 IEEE 15th International Symposium on Intelligent Systems and Informatics (SISY), pp. 000277\u2013000282. IEEE (2017)","DOI":"10.1109\/SISY.2017.8080566"},{"key":"11_CR3","unstructured":"Authors, T.K.: Case Studies. https:\/\/kubernetes.io\/case-studies\/"},{"key":"11_CR4","unstructured":"Barbhuiya, S., Papazachos, Z., Kilpatrick, P., Nikolopoulos, D.S.: Rads: real-time anomaly detection system for cloud data centres. arXiv preprint arXiv:1811.04481 (2018)"},{"key":"11_CR5","unstructured":"Calico: Enable a default deny policy for Kubernetes pods $$|$$ Calico Documentation. https:\/\/docs.tigera.io\/calico\/latest\/network-policy\/get-started\/kubernetes-default-deny"},{"key":"11_CR6","unstructured":"CapitalOne: 2019 Capital One Cyber Incident $$|$$ What Happened $$|$$ Capital One. https:\/\/www.capitalone.com\/digital\/facts2019\/"},{"key":"11_CR7","unstructured":"Chierici, S.: Analysis on Docker Hub malicious images: attacks through public container images (2022). https:\/\/sysdig.com\/blog\/analysis-of-supply-chain-attacks-through-public-docker-images\/"},{"key":"11_CR8","unstructured":"CNCF: CNCF Annual Survey 2023 (2024). https:\/\/www.cncf.io\/reports\/cncf-annual-survey-2023\/"},{"key":"11_CR9","unstructured":"Database, N.V.: NVD - CVE-2019-11245. https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2019-11245"},{"key":"11_CR10","unstructured":"Database, N.V.: NVD - CVE-2019-5736. https:\/\/nvd.nist.gov\/vuln\/detail\/cve-2019-5736"},{"key":"11_CR11","unstructured":"Datadog: Monitoring Kubernetes with Datadog (2019). 
https:\/\/www.datadoghq.com\/blog\/monitoring-kubernetes-with-datadog\/"},{"key":"11_CR12","unstructured":"Fraunhofer: Fraunhofer IIS. https:\/\/www.iis.fraunhofer.de\/de.html"},{"key":"11_CR13","doi-asserted-by":"publisher","unstructured":"Gantikow, H., Reich, C., Knahl, M., Clarke, N.: Rule-based security monitoring of containerized workloads. In: Proceedings of the 9th International Conference on Cloud Computing and Services Science - Volume 1: CLOSER, pp. 543\u2013550. INSTICC, SciTePress (2019). https:\/\/doi.org\/10.5220\/0007770005430550","DOI":"10.5220\/0007770005430550"},{"key":"11_CR14","unstructured":"Graylog: Correlation Engine. https:\/\/graylog.org\/features\/correlation-engine\/"},{"key":"11_CR15","unstructured":"Graylog: Graylog Architecture. https:\/\/go2docs.graylog.org\/current\/what_is_graylog\/what_is_graylog.htm"},{"key":"11_CR16","unstructured":"G\u00fcl, E., Y\u0131lmaz, E.N.: Log management with open source tools. In: SETSCI-Conference Proceedings, vol.\u00a04, pp. 164\u2013171. SETSCI-Conference Proceedings (2019)"},{"key":"11_CR17","doi-asserted-by":"crossref","unstructured":"Horalek, J., Urbanik, P., Sobeslav, V., Svoboda, T.: Proposed solution for log collection and analysis in kubernetes environment. In: International Conference on Nature of Computation and Communication, pp. 9\u201322. Springer (2022)","DOI":"10.1007\/978-3-031-28790-9_2"},{"key":"11_CR18","doi-asserted-by":"publisher","unstructured":"Islam\u00a0Shamim, M.S., Ahamed\u00a0Bhuiyan, F., Rahman, A.: Xi commandments of kubernetes security: a systematization of knowledge related to kubernetes security practices. In: 2020 IEEE Secure Development (SecDev), pp. 58\u201364 (2020). https:\/\/doi.org\/10.1109\/SecDev45635.2020.00025","DOI":"10.1109\/SecDev45635.2020.00025"},{"key":"11_CR19","doi-asserted-by":"crossref","unstructured":"Jayasinghe, K., Poravi, G.: A survey of attack instances of cryptojacking targeting cloud infrastructure. 
In: Proceedings of the 2020 2nd Asia Pacific Information Technology Conference, pp. 100\u2013107 (2020)","DOI":"10.1145\/3379310.3379323"},{"key":"11_CR20","unstructured":"Johnston, S.: Thank You to the Stack Overflow Community for Ranking Docker the Most Used, Desired, and Admired Developer Tool $$|$$ Docker (2024). https:\/\/www.docker.com\/blog\/docker-stack-overflow-survey-thank-you-2024\/, section: Community"},{"key":"11_CR21","doi-asserted-by":"crossref","unstructured":"Kaplan, B., Maxwell, J.A.: Qualitative research methods for evaluating computer information systems. In: Evaluating the Organizational Impact of Healthcare Information Systems, pp. 30\u201355. Springer (2005)","DOI":"10.1007\/0-387-30329-4_2"},{"issue":"3","key":"11_CR22","doi-asserted-by":"publisher","first-page":"674","DOI":"10.1109\/TPDS.2020.3029088","volume":"32","author":"RR Karn","year":"2020","unstructured":"Karn, R.R., Kudva, P., Huang, H., Suneja, S., Elfadel, I.M.: Cryptomining detection in container clouds using system calls and explainable machine learning. IEEE Trans. Parallel Distrib. Syst. 32(3), 674\u2013691 (2020)","journal-title":"IEEE Trans. Parallel Distrib. Syst."},{"key":"11_CR23","unstructured":"Kubernetes: Logging Architecture. https:\/\/kubernetes.io\/docs\/concepts\/cluster-administration\/logging\/, section: docs"},{"issue":"11","key":"11_CR24","first-page":"11","volume":"2","author":"G Kumar","year":"2014","unstructured":"Kumar, G.: Evaluation metrics for intrusion detection systems-a study. Evaluation 2(11), 11\u20137 (2014)","journal-title":"Evaluation"},{"key":"11_CR25","unstructured":"Liu, G., Gao, X., Wang, H., Sun, K.: Exploring the unchartered space of container registry typosquatting. In: 31st USENIX Security Symposium (USENIX Security 2022), pp. 35\u201351 (2022)"},{"key":"11_CR26","doi-asserted-by":"crossref","unstructured":"Luksa, M.: Kubernetes in action. 
Simon and Schuster (2017)","DOI":"10.3139\/9783446456020.fm"},{"key":"11_CR27","unstructured":"Maguire, M., Delahunt, B.: Doing a thematic analysis: a practical, step-by-step guide for learning and teaching scholars. All Ireland J. High. Educ. 9(3) (2017)"},{"key":"11_CR28","unstructured":"Martin, A., Hausenblas, M.: Hacking Kubernetes. O\u2019Reilly Media, Inc. (2021)"},{"key":"11_CR29","unstructured":"McDaniel, Z.: 10 Best Graylog Alternatives (2023). https:\/\/sematext.com\/blog\/best-graylog-alternatives\/"},{"key":"11_CR30","unstructured":"Mu\u00f1oz, M.\u00c1.L.: Kubernetes near real-time monitoring and secure network architectures. Ph.D. thesis, School of Computer Science and Statistics Kubernetes Near Real-Time\u00a0... (2022)"},{"key":"11_CR31","unstructured":"Newman, S.: Building microservices. O\u2019Reilly Media, Inc. (2021)"},{"issue":"3","key":"11_CR32","doi-asserted-by":"publisher","first-page":"89","DOI":"10.1080\/07421222.1990.11517898","volume":"7","author":"JF Nunamaker Jr","year":"1990","unstructured":"Nunamaker, J.F., Jr., Chen, M., Purdin, T.D.: Systems development in information systems research. J. Manag. Inf. Syst. 7(3), 89\u2013106 (1990)","journal-title":"J. Manag. Inf. Syst."},{"key":"11_CR33","unstructured":"OCI: Open Container Initiative - Open Container Initiative. https:\/\/opencontainers.org\/"},{"key":"11_CR34","unstructured":"Panagiotis, M.: Attack methods and defenses on Kubernetes. Ph.D. thesis, University of Piraeus (Greece) (2020)"},{"issue":"12","key":"11_CR35","doi-asserted-by":"publisher","first-page":"3448","DOI":"10.1016\/j.comnet.2007.02.001","volume":"51","author":"A Patcha","year":"2007","unstructured":"Patcha, A., Park, J.M.: An overview of anomaly detection techniques: existing solutions and latest technological trends. Comput. Netw. 51(12), 3448\u20133470 (2007)","journal-title":"Comput. Netw."},{"key":"11_CR36","unstructured":"Patrich, Dotan, Y.W.: Mitigate threats with the new threat matrix for Kubernetes (2022). 
https:\/\/www.microsoft.com\/en-us\/security\/blog\/2022\/12\/07\/mitigate-threats-with-the-new-threat-matrix-for-kubernetes\/"},{"key":"11_CR37","unstructured":"Rancher: Comparing Kubernetes CNI Providers: Flannel, Calico, Canal, and Weave. https:\/\/www.suse.com\/c\/rancher_blog\/comparing-kubernetes-cni-providers-flannel-calico-canal-and-weave\/"},{"key":"11_CR38","doi-asserted-by":"crossref","unstructured":"Russell, E., Dev, K.: Centralized defense: logging and mitigation of kubernetes misconfigurations with open source tools. arXiv preprint arXiv:2408.03714 (2024)","DOI":"10.2139\/ssrn.4869634"},{"key":"11_CR39","unstructured":"Sasson, A.: 20 Million Miners: Finding Malicious Cryptojacking Images in Docker Hub (2021). https:\/\/unit42.paloaltonetworks.com\/malicious-cryptojacking-images\/"},{"key":"11_CR40","doi-asserted-by":"crossref","unstructured":"Spahn, N., Hanke, N., Holz, T., Kruegel, C., Vigna, G.: Container orchestration honeypot: observing attacks in the wild. In: Proceedings of the 26th International Symposium on Research in Attacks, Intrusions and Defenses, pp. 381\u2013396 (2023)","DOI":"10.1145\/3607199.3607205"},{"key":"11_CR41","unstructured":"Splunk: Kubernetes Monitoring Solutions. https:\/\/www.splunk.com\/en_us\/solutions\/kubernetes-monitoring.html"},{"key":"11_CR42","doi-asserted-by":"publisher","unstructured":"Subramanian, K., Meng, W.: Threat hunting using elastic stack: an evaluation. In: 2021 IEEE International Conference on Service Operations and Logistics, and Informatics (SOLI), pp.\u00a01\u20136 (2021). https:\/\/doi.org\/10.1109\/SOLI54607.2021.9672347","DOI":"10.1109\/SOLI54607.2021.9672347"},{"key":"11_CR43","unstructured":"SumoLogic: Kubernetes $$|$$ Sumo Logic Docs. https:\/\/help.sumologic.com\/docs\/integrations\/containers-orchestration\/kubernetes\/"},{"key":"11_CR44","unstructured":"SUSE: SUSE $$|$$ CTO\u2019s Guide to Containers and Kubernetes. 
https:\/\/more.suse.com\/CTO-guide-containers-kubernetes-top-10-faqs.html"},{"key":"11_CR45","unstructured":"Team, C.: Container Escape: All You Need is Cap (Capabilities). https:\/\/www.cybereason.com\/blog\/container-escape-all-you-need-is-cap-capabilities"}],"container-title":["IFIP Advances in Information and Communication Technology","ICT Systems Security and Privacy Protection"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-031-92886-4_11","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,5,15]],"date-time":"2025-05-15T06:13:23Z","timestamp":1747289603000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-031-92886-4_11"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025]]},"ISBN":["9783031928857","9783031928864"],"references-count":45,"URL":"https:\/\/doi.org\/10.1007\/978-3-031-92886-4_11","relation":{},"ISSN":["1868-4238","1868-422X"],"issn-type":[{"value":"1868-4238","type":"print"},{"value":"1868-422X","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025]]},"assertion":[{"value":"16 May 2025","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"SEC","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"IFIP International Conference on ICT Systems Security and Privacy Protection","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Maribor","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Slovenia","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference 
Information"}},{"value":"2025","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"21 May 2025","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"23 May 2025","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"40","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"sec2025","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/sec2025.um.si\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}