
Lightning Talk: A GNN Based Framework for Kubernetes Security Agents: Threat and Vulnerability Detectors, Recommenders and Attack Simulators

2022-06-23

Authors:   Zeyno A Dodd


Abstract

According to a CNCF survey, 85% of the participating organizations emphasize the importance of security modernization for their cloud-native deployments, along with the modernization of legacy infrastructure, adopting cloud-native security architectures, dynamic, standardized procedures, and automation going beyond traditional security measures. Cloud-native security follows cloud-native technology, and with the implication of increased maturity of the cloud-native space, 82% express willingness to adopt OSS for security. This inclination is further relevant considering the challenge of sorting through a plethora of security and compliance products, frameworks and tools, and the lack of shared standards in an ever-evolving threat landscape. The need for adaptability and timely response to the threat of cyber-attacks drives global and focused efforts to build technologies, OSINT integration strategies, models and capabilities capturing CVEs, cybersecurity risk management frameworks, and knowledge bases of adversary tactics and techniques.

Graph neural networks (GNNs) have received great attention due to their superior performance and ability to represent real-world complexity in a variety of applications ranging from recommender systems to drug discovery. We outline a security strategy leveraging a GNN inference framework that couples prevention with detection capabilities against real-time threats and violations. Our efforts focus on the development of Kubernetes security agent templates for real-time detection, attack emulation and recommendation capabilities, implementing various GNN inferences including link prediction and node classification. Our preliminary graph models are built and trained leveraging knowledge graphs from MITRE ATT&CK framework threat patterns and techniques, and the Microsoft Security Threat Matrix for Kubernetes.
