17643864. CLUSTERED CONTAINER PROTECTION simplified abstract (INTERNATIONAL BUSINESS MACHINES CORPORATION)
Contents
CLUSTERED CONTAINER PROTECTION
Organization Name
INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventor(s)
Yun-Chang Lo of Taipei City (TW)
Chun-Shuo Lin of Taipei City (TW)
Wei-Hsiang Hsiung of Taipei (TW)
CLUSTERED CONTAINER PROTECTION - A simplified explanation of the abstract
This abstract first appeared for US patent application 17643864 titled 'CLUSTERED CONTAINER PROTECTION
Simplified Explanation
The patent application describes a method for identifying anomalous behavior in containers used in computer systems. Here are the key points:
- The method involves determining a runtime feature set for a container, which includes aggregated behavior of the container over time.
- The container is then clustered with other containers or pods that have similar purposes, behaviors, and file structures.
- An additional runtime feature set is determined for each clustered container.
- A variance is calculated between the original container and each clustered container.
- If the calculated variance exceeds a threshold, the original container is identified as anomalous.
Potential applications of this technology:
- Monitoring and managing containerized applications in cloud computing environments.
- Detecting and preventing security breaches or malicious activities within containers.
- Optimizing resource allocation and performance tuning for containerized applications.
Problems solved by this technology:
- Identifying abnormal behavior or deviations from expected patterns in containerized applications.
- Streamlining the management and monitoring of large-scale container deployments.
- Enhancing the security and reliability of containerized applications.
Benefits of this technology:
- Improved efficiency and accuracy in identifying anomalous behavior in containers.
- Enhanced security and threat detection capabilities for containerized applications.
- Better resource utilization and performance optimization for containerized applications.
Original Abstract Submitted
One or more computer processors determine a runtime feature set for a first container, wherein the runtime feature set includes aggregated temporally collocated container behavior. The one or more computer processors cluster the first container with one or more peer containers or peer pods based on a shared container purpose, similar container behaviors, and similar container file structure. The one or more computer processors determine an additional runtime feature set for each peer container. The one or more computer processors calculate a variance between the first container and each peer container. The one or more computer processors, responsive to the calculated variance exceeding a variance threshold, identify the first container as anomalous.