Title:
CONTAINER ESCAPE DETECTION METHOD, APPARATUS AND SYSTEM, AND STORAGE MEDIUM
Document Type and Number:
WIPO Patent Application WO/2019/174193
Kind Code:
A1
Abstract:
A container escape detection method, apparatus and system, and a storage medium, which relate to the field of container security. The method comprises: an escape detection component (12) receiving information, reported by the container monitoring component (11), of multiple system calls triggered by a monitored container; and the escape detection component (12) matching the occurrence order of the multiple system calls with at least one set of pre-set system call orders in an escape detection rule, and determining, according to a matching result, whether the monitored container escapes, wherein each set of pre-set system call orders in the escape detection rule corresponds to a predicted occurrence order of multiple system calls triggered by one container escape behavior. According to the present invention, the strength of preventing container escape can be improved.
Inventors:
ZHANG YU (CN)
KUANG DAHU (CN)
YU YUE (CN)
CHEN YU (CN)
KUANG DAHU (CN)
YU YUE (CN)
CHEN YU (CN)
Application Number:
PCT/CN2018/102667
Publication Date:
September 19, 2019
Filing Date:
August 28, 2018
Export Citation:
Assignee:
HUAWEI TECH CO LTD (CN)
International Classes:
G06F21/53
Domestic Patent References:
| WO2014116740A2 | 2014-07-31 |
Foreign References:
| CN107679399A | 2018-02-09 | |||
| CN105608374A | 2016-05-25 | |||
| CN106778257A | 2017-05-31 | |||
| CN104915285A | 2015-09-16 |
Other References:
See also references of EP 3761198A4
Download PDF: