{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,30]],"date-time":"2026-03-30T15:08:24Z","timestamp":1774883304967,"version":"3.50.1"},"reference-count":40,"publisher":"Springer Science and Business Media LLC","issue":"3","license":[{"start":{"date-parts":[[2025,12,18]],"date-time":"2025-12-18T00:00:00Z","timestamp":1766016000000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2025,12,18]],"date-time":"2025-12-18T00:00:00Z","timestamp":1766016000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Empir Software Eng"],"published-print":{"date-parts":[[2026,5]]},"DOI":"10.1007\/s10664-025-10784-1","type":"journal-article","created":{"date-parts":[[2025,12,18]],"date-time":"2025-12-18T11:00:48Z","timestamp":1766055648000},"update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["eBPF-Guard: a detection method for container escape via multi-level monitoring and enhanced analysis model"],"prefix":"10.1007","volume":"31","author":[{"given":"Xiaotang","family":"Lin","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Zhide","family":"Chen","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Wencheng","family":"Yang","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Xuechao","family":"Yang","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Junwei","family":"Luo","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-2735-2359","authenticated-orcid":false,"given":"Xu","family":"Yang","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2025,12,18]]},"reference":[{"key":"10784_CR1","doi-asserted-by":"crossref","unstructured":"Abranches M, Michel O, Keller E, Schmid S (2021) Efficient network monitoring applications in the kernel with ebpf and xdp. In: 2021 IEEE conference on network function virtualization and software defined networks (NFV-SDN), pp 28\u201334 . IEEE","DOI":"10.1109\/NFV-SDN53031.2021.9665095"},{"issue":"2","key":"10784_CR2","doi-asserted-by":"publisher","first-page":"1715","DOI":"10.1109\/TNSM.2024.3358730","volume":"21","author":"C Almodovar","year":"2024","unstructured":"Almodovar C, Sabrina F, Karimi S, Azad S (2024) Logfit: Log anomaly detection using fine-tuned language models. IEEE Trans Netw Serv Manage 21(2):1715\u20131723","journal-title":"IEEE Trans Netw Serv Manage"},{"key":"10784_CR3","unstructured":"Baker SA, Mohammed HH, Alsaif OI (2024) Docker container security analysis based on virtualization technologies. International Journal for Computers & Their Applications 31(1)"},{"key":"10784_CR4","unstructured":"Bhat S, Shacham H (2022) Formal verification of the linux kernel eBPF verifier range analysis. Technical Report, 2022.[Online]. Available: https:\/\/sanjit-bhat.github.io"},{"key":"10784_CR5","doi-asserted-by":"crossref","unstructured":"Brady K, Moon S, Nguyen T, et al (2020) Docker container security in cloud computing. In: 2020 10th annual computing and communication workshop and conference (CCWC), pp 0975\u20130980. IEEE,","DOI":"10.1109\/CCWC47524.2020.9031195"},{"key":"10784_CR6","doi-asserted-by":"publisher","first-page":"987","DOI":"10.1109\/TIFS.2019.2932228","volume":"15","author":"X Chen","year":"2019","unstructured":"Chen X, Li C, Wang D, Wen S, Zhang J, Nepal S, Xiang Y, Ren K (2019) Android HIV: A study of repackaging malware for evading machine-learning detection. IEEE Trans Inf Forensics Secur 15:987\u20131001","journal-title":"IEEE Trans Inf Forensics Secur"},{"key":"10784_CR7","doi-asserted-by":"crossref","unstructured":"Chen X, Yamai N, Nakagawa R, Tsutsumi T, Jin Y (2024) Usability enhancement of imap agent system with considering privacy preservation using docker container. In: 2024 15th International Conference on Information and Communication Technology Convergence (ICTC), pp 78\u201383 . IEEE","DOI":"10.1109\/ICTC62082.2024.10826764"},{"issue":"5","key":"10784_CR8","doi-asserted-by":"publisher","first-page":"872","DOI":"10.1109\/JAS.2025.125498","volume":"12","author":"Z Deng","year":"2025","unstructured":"Deng Z, Ma W, Han Q, Zhou W, Zhu X, Wen S, Xiang Y (2025) Exploring deepseek: A survey on advances, applications, challenges and future directions. IEEE\/CAA Journal of Automatica Sinica 12(5):872\u2013893. https:\/\/doi.org\/10.1109\/JAS.2025.125498","journal-title":"IEEE\/CAA Journal of Automatica Sinica"},{"key":"10784_CR9","doi-asserted-by":"crossref","unstructured":"Dodda S, Chintala S, Kunchakuri N, Kamuni N (2024) Enhancing microservice reliability in cloud environments using machine learning for anomaly detection. In: 2024 International conference on computing, sciences and communications (ICCSC), pp 1\u20135 . IEEE","DOI":"10.1109\/ICCSC62048.2024.10830437"},{"key":"10784_CR10","doi-asserted-by":"publisher","first-page":"157","DOI":"10.1016\/j.procs.2020.07.025","volume":"175","author":"O Flauzac","year":"2020","unstructured":"Flauzac O, Mauhourat F, Nolot F (2020) A review of native container security for running applications. Procedia Comput Sci 175:157\u2013164","journal-title":"Procedia Comput Sci"},{"key":"10784_CR11","doi-asserted-by":"crossref","unstructured":"Gallego-Madrid J, Sanchez-Iborra R, Gomez AS (2024) ebpf and xdp technologies as enablers for ultra-fast and programmable next-gen network infrastructures. In: Resource management in distributed systems, pp. 269\u2013283. Springer,","DOI":"10.1007\/978-981-97-2644-8_13"},{"key":"10784_CR12","first-page":"15908","volume":"34","author":"K Han","year":"2021","unstructured":"Han K, Xiao A, Wu E, Guo J, Xu C, Wang Y (2021) Transformer in transformer. Adv Neural Inf Process Syst 34:15908\u201315919","journal-title":"Adv Neural Inf Process Syst"},{"key":"10784_CR13","doi-asserted-by":"crossref","unstructured":"Haq M.S, Nguyen T.D, Tosun A.\u015e, Vollmer F, Korkmaz T, Sadeghi A.-R. (2024) Sok: A comprehensive analysis and evaluation of docker container attack and defense mechanisms. In: 2024 IEEE symposium on security and privacy (SP), pp 4573\u20134590 . IEEE","DOI":"10.1109\/SP54263.2024.00268"},{"key":"10784_CR14","unstructured":"He Y, Guo R, Xing Y, Che X, Sun K, Liu Z, Xu K, Li Q (2023) Cross container attacks: The bewildered $$\\{eBPF\\}$$ on clouds. In: 32nd USENIX Security Symposium (USENIX Security 23), pp. 5971\u20135988"},{"key":"10784_CR15","doi-asserted-by":"crossref","unstructured":"Jarkas O, Ko R, Dong N, Mahmud R (2025) A container security survey: Exploits, attacks, and defenses. ACM Computing Surveys","DOI":"10.1145\/3715001"},{"issue":"6","key":"10784_CR16","doi-asserted-by":"publisher","first-page":"025","DOI":"10.1093\/gigascience\/giab025","volume":"10","author":"B Kaur","year":"2021","unstructured":"Kaur B, Dugr\u00e9 M, Hanna A, Glatard T (2021) An analysis of security vulnerabilities in container images for scientific data analysis. GigaScience 10(6):025","journal-title":"GigaScience"},{"key":"10784_CR17","doi-asserted-by":"crossref","unstructured":"Kithulwatta W, Wickramaarachchi WU, Jayasena K, Kumara B, Rathnayaka R (2021) Adoption of docker containers as an infrastructure for deploying software applications: A review. Advances on Smart and Soft Computing Proceedings of ICACIn 2021:247\u2013259","DOI":"10.1007\/978-981-16-5559-3_21"},{"key":"10784_CR19","doi-asserted-by":"crossref","unstructured":"Lin Y, Tunde-Onadele O, Gu X, He J, Latapie H. (2022) Shil: Self-supervised hybrid learning for security attack detection in containerized applications. In: 2022 IEEE international conference on autonomic computing and self-organizing systems (ACSOS), pp 41\u201350 . IEEE","DOI":"10.1109\/ACSOS55765.2022.00022"},{"key":"10784_CR18","doi-asserted-by":"crossref","unstructured":"Li Z (2021) Comparison between common virtualization solutions: Vmware workstation, hyper-v and docker. In: 2021 IEEE 3rd international conference on frontiers technology of information and computer (ICFTIC), pp 701\u2013707 . IEEE","DOI":"10.1109\/ICFTIC54370.2021.9647226"},{"key":"10784_CR20","doi-asserted-by":"crossref","unstructured":"Lu H, Du X, Hu D, Su S, Tian Z (2025) Bpfguard: Multi-granularity container runtime mandatory access control. IEEE Transactions on Cloud Computing","DOI":"10.1109\/TCC.2025.3551838"},{"key":"10784_CR21","doi-asserted-by":"crossref","unstructured":"Mohite R, Thangaraju B (2024) Enhancing container security with per-process per-container egress packet filtering using ebpf. In: 2024 International conference on electrical, computer and energy technologies (ICECET), pp 1\u20138. IEEE,","DOI":"10.1109\/ICECET61485.2024.10698563"},{"key":"10784_CR40","doi-asserted-by":"crossref","unstructured":"Moric Z, Dakic V, Kulic M (2024) Implementing a security framework for container orchestration, 2024 IEEE 11th International conference on cyber security and cloud computing (CSCloud):200\u2013206","DOI":"10.1109\/CSCloud62866.2024.00042"},{"key":"10784_CR22","doi-asserted-by":"crossref","unstructured":"Muzumdar P, Bhosale A, Basyal G.P, Kurian G (2024) Navigating the docker ecosystem: A comprehensive taxonomy and survey. arXiv:2403.17940","DOI":"10.9734\/ajrcos\/2024\/v17i1411"},{"key":"10784_CR23","doi-asserted-by":"crossref","unstructured":"Qi J, Huang S, Luan Z, Yang S, Fung C, Yang H, Qian D, Shang J, Xiao Z, Wu Z (2023) Loggpt: Exploring chatgpt for log-based anomaly detection. In: 2023 IEEE international conference on high performance computing & communications, data science & systems, smart city & dependability in sensor, cloud & big data systems & application (HPCC\/DSS\/SmartCity\/DependSys), pp 273\u2013280 . IEEE","DOI":"10.1109\/HPCC-DSS-SmartCity-DependSys60770.2023.00045"},{"key":"10784_CR24","doi-asserted-by":"crossref","unstructured":"Rahmansyah R, Suryani V, Yulianto FA, Ab\u00a0Rahman NH (2021) Reducing docker daemon attack surface using rootless mode. In: 2021 International Conference on Software Engineering & Computer Systems and 4th International Conference on Computational Science and Information Management (ICSECS-ICOCSIM), pp. 499\u2013502 . IEEE","DOI":"10.1109\/ICSECS52883.2021.00097"},{"issue":"1","key":"10784_CR25","first-page":"50","volume":"7","author":"F Safar","year":"2023","unstructured":"Safar F, Al King R (2023) Data security in cloud computing. Journal of International Journal of Wireless and Ad Hoc Communication 7(1):50\u201361","journal-title":"Journal of International Journal of Wireless and Ad Hoc Communication"},{"key":"10784_CR26","doi-asserted-by":"crossref","unstructured":"Sharma B, Nadig D (2024) ebpf-enhanced complete observability solution for cloud-native microservices. In: ICC 2024 - IEEE international conference on communications, pp 1980\u20131985. IEEE,","DOI":"10.1109\/ICC51166.2024.10622329"},{"key":"10784_CR27","doi-asserted-by":"crossref","unstructured":"Shen W, Wu Y, Yang Y, Liu Q, Yang N, Li J, Lu K, Ma J (2024) Towards understanding and defeating abstract resource attacks for container platforms. IEEE Transactions on Dependable and Secure Computing","DOI":"10.1109\/TDSC.2024.3403920"},{"issue":"1","key":"10784_CR28","doi-asserted-by":"publisher","first-page":"101887","DOI":"10.1016\/j.jksuci.2023.101887","volume":"36","author":"G Singh","year":"2024","unstructured":"Singh G, Singh P, Motii A, Hedabou M (2024) A secure and lightweight container migration technique in cloud computing. J King Saud Univ-Comput Inf Sci 36(1):101887","journal-title":"J King Saud Univ-Comput Inf Sci"},{"key":"10784_CR29","doi-asserted-by":"publisher","first-page":"57174","DOI":"10.1109\/ACCESS.2023.3281480","volume":"11","author":"D Soldani","year":"2023","unstructured":"Soldani D, Nahi P, Bour H, Jafarizadeh S, Soliman MF, Di Giovanna L, Monaco F, Ognibene G, Risso F (2023) ebpf: A new approach to cloud-native observability, networking and security for current (5g) and future mobile networks (6g and beyond). IEEE Access 11:57174\u201357202","journal-title":"IEEE Access"},{"key":"10784_CR30","unstructured":"Song S, Zhang Y, Gao N (2025) Confront insider threat: Precise anomaly detection in behavior logs based on llm fine-tuning. In: Proceedings of the 31st international conference on computational linguistics, pp 8589\u20138601"},{"key":"10784_CR31","doi-asserted-by":"publisher","first-page":"52976","DOI":"10.1109\/ACCESS.2019.2911732","volume":"7","author":"S Sultan","year":"2019","unstructured":"Sultan S, Ahmad I, Dimitriou T (2019) Container security: Issues, challenges, and the road ahead. IEEE access 7:52976\u201352996","journal-title":"IEEE access"},{"key":"10784_CR32","doi-asserted-by":"crossref","unstructured":"Wist K, Helsem M, Gligoroski D (2021) Vulnerability analysis of 2500 docker hub images. In: Advances in Security, Networks, and Internet of Things: Proceedings from SAM\u201920, ICWN\u201920, ICOMP\u201920, and ESCS\u201920, pp 307\u2013327 . Springer","DOI":"10.1007\/978-3-030-71017-0_22"},{"key":"10784_CR33","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2023.103140","volume":"128","author":"AY Wong","year":"2023","unstructured":"Wong AY, Chekole EG, Ochoa M, Zhou J (2023) On the security of containers: Threat modeling, attack analysis, and mitigation strategies. Computers & Security 128:103140","journal-title":"Computers & Security"},{"key":"10784_CR35","doi-asserted-by":"crossref","unstructured":"Xu K, Wang X, Li L, Gao J (2024) ebpf-sec: A defensive framework against ebpf attacks on containers. In: 2024 IEEE symposium on computers and communications (ISCC), pp 1\u20137 . IEEE","DOI":"10.1109\/ISCC61673.2024.10733575"},{"key":"10784_CR34","doi-asserted-by":"publisher","first-page":"6168","DOI":"10.1109\/TIFS.2024.3411915","volume":"19","author":"S Xu","year":"2024","unstructured":"Xu S, Wang Y, Lei L et al (2024) Condo: enhancing container isolation through kernel permission data protection. IEEE Trans Inf Forensics Secur 19:6168\u20136183","journal-title":"IEEE Trans Inf Forensics Secur"},{"key":"10784_CR36","doi-asserted-by":"crossref","unstructured":"Yang T, Nian Y, Li S, Xu R, Li Y, Li J, Xiao Z, Hu X, Rossi R, Ding K, et al (2024) Ad-llm: Benchmarking large language models for anomaly detection. arXiv:2412.11142","DOI":"10.18653\/v1\/2025.findings-acl.79"},{"key":"10784_CR37","unstructured":"Zhong Y, Li H, Wu Y.J, Zarkadas I, Tao J, Mesterhazy E, Makris M, Yang J, Tai A, Stutsman R, et al (2022) $$\\{$$XRP$$\\}$$:$$\\{$$In-Kernel$$\\}$$ storage functions with $$\\{$$eBPF$$\\}$$. In: 16th USENIX symposium on operating systems design and implementation (OSDI 22), pp 375\u2013393"},{"issue":"1","key":"10784_CR38","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1109\/JAS.2024.124983","volume":"12","author":"W Zhou","year":"2025","unstructured":"Zhou W, Zhu X, Han Q-L, Li L, Chen X, Wen S, Xiang Y (2025) The security of using large language models - a survey with emphasis on chatgpt. IEEE\/CAA Journal of Automatica Sinica 12(1):1\u201326. https:\/\/doi.org\/10.1109\/JAS.2024.124983","journal-title":"IEEE\/CAA Journal of Automatica Sinica"},{"issue":"2","key":"10784_CR39","doi-asserted-by":"publisher","first-page":"317","DOI":"10.1109\/JAS.2024.124971","volume":"12","author":"X Zhu","year":"2025","unstructured":"Zhu X, Zhou W, Han Q-L, Ma W, Wen S, Xiang Y (2025) When software security meets large language models: A survey. IEEE\/CAA Journal of Automatica Sinica 12(2):317\u2013334. https:\/\/doi.org\/10.1109\/JAS.2024.124971","journal-title":"IEEE\/CAA Journal of Automatica Sinica"}],"container-title":["Empirical Software Engineering"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10664-025-10784-1.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s10664-025-10784-1","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10664-025-10784-1.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,3,30]],"date-time":"2026-03-30T14:36:55Z","timestamp":1774881415000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s10664-025-10784-1"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,12,18]]},"references-count":40,"journal-issue":{"issue":"3","published-print":{"date-parts":[[2026,5]]}},"alternative-id":["10784"],"URL":"https:\/\/doi.org\/10.1007\/s10664-025-10784-1","relation":{},"ISSN":["1382-3256","1573-7616"],"issn-type":[{"value":"1382-3256","type":"print"},{"value":"1573-7616","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025,12,18]]},"assertion":[{"value":"6 August 2025","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"25 November 2025","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"18 December 2025","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"The authors declare that they have no conflict of interest.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Conflict of Interest"}},{"value":"Not applicable.","order":3,"name":"Ethics","group":{"name":"EthicsHeading","label":"Ethical Approval"}},{"value":"Not applicable.","order":4,"name":"Ethics","group":{"name":"EthicsHeading","label":"Informed Consent"}},{"value":"Not applicable.","order":5,"name":"Ethics","group":{"name":"EthicsHeading","label":"Clinical Trial Number"}}],"article-number":"51"}}