Welcome to the GitHub repository for "ReplicaWatcher: Training-less Anomaly Detection in Containerized Microservices", as presented at the Network and Distributed System Security Symposium (NDSS) 2024. Our work introduces a novel, training-less approach to anomaly detection in containerized microservices. For more details, please check out our paper here.
ReplicaWatcher leverages redundancy and narrow functionalities in microservices to detect anomalies by analyzing discrepancies between replicas.
This repository is organized into three main folders:
- chisel: Contains the code for our customized chisel, designed to extract kernel events generated by replicas.
- replicawatcher: Contains the core logic of ReplicaWatcher. It includes the algorithms and mechanisms for processing the kernel events captured by the chisel, as well as for identifying anomalies.
- normalityshift: Contains a demonstration of how an upgrade at the base OS level can lead to changes in the executed system calls.
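The replica-comparison idea described above, as a simplified added example (not code from this repository and not the algorithm from the paper): events that only a minority of replicas produce in a window are treated as discrepancies. The replica names, event tuples, `min_share` and `tolerance` are assumptions made for illustration.

```python
from collections import Counter

# Constructed sample: (process, syscall, argument) events seen per replica in
# one observation window. Replica names and events are made up for illustration.
BASE = {("node", "accept", ":8080"), ("node", "read", "/app/config.json"),
        ("node", "connect", "redis:6379")}
WINDOW = {
    "cart-a": BASE | {("node", "read", "/proc/meminfo")},   # benign one-off
    "cart-b": set(BASE),
    "cart-c": BASE | {("sh", "execve", "/bin/sh"),
                      ("curl", "connect", "203.0.113.5:443")},
}


def rare_events(window, min_share=0.5):
    """Map each replica to the events seen on fewer than min_share of replicas."""
    if len(window) < 3:
        # With two replicas a difference cannot be attributed to either side.
        raise ValueError("need at least three replicas to compare")
    seen = Counter(ev for events in window.values() for ev in events)
    total = len(window)
    return {name: {ev for ev in events if seen[ev] / total < min_share}
            for name, events in window.items()}


def anomalous_replicas(window, min_share=0.5, tolerance=0):
    """Replicas with more than `tolerance` rare events, sorted by name."""
    rare = rare_events(window, min_share)
    return sorted(name for name, evs in rare.items() if len(evs) > tolerance)


if __name__ == "__main__":
    for name, evs in rare_events(WINDOW).items():
        print(name, sorted(evs))
    print("tolerance=0:", anomalous_replicas(WINDOW))
    print("tolerance=1:", anomalous_replicas(WINDOW, tolerance=1))
```

The `tolerance` knob shows the trade-off any replica-comparison detector faces: with zero tolerance a single benign one-off event flags a healthy replica, while a small allowance keeps only the replica that diverges substantially.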
If you use ReplicaWatcher in your research, please consider citing our paper:
```bibtex
@inproceedings{elkhairi_replicawatcher_24,
  author = {Asbat El Khairi and Marco Caselli and Andreas Peter and Andrea Continella},
  booktitle = {Proceedings of the ISOC Network and Distributed System Security Symposium (NDSS)},
  month = {February},
  title = {ReplicaWatcher: Training-less Anomaly Detection in Containerized Microservices},
  year = {2024}
}
```