Research area: Infrastructure
Venue: Cluster Computing
Security Operations Centres (SOCs) face alert fatigue and undetected threats in cloud-native environments, because traditional SIEM systems struggle to analyze the high volume of logs produced by containerized microservices. These threats often remain hidden during routine monitoring and only surface during prolonged investigations, which delays mitigation and increases operational risk. Semantic technologies have shown promise for transforming heterogeneous data into contextualized insights; however, conventional approaches falter when aggregating such sources. This work addresses that gap with a hybrid knowledge graph (KG) that combines rule-based detection with KG-assisted investigation, built on kernel-level telemetry normalized to the Elastic Common Schema (ECS). Experimental validation within the investigation phase of a cloud-native SOC shows a 20% reduction in latency for contextualized threat analysis compared with traditional SIEM workflows, while enabling complex cross-layer queries that uncover relationships unattainable with rule-based methods alone.
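The following is an added illustration, not code from the paper or its authors, of the hybrid pipeline the abstract describes: a rule fires on a single ECS-shaped event, and the alerted entity is then used as the entry point into a small knowledge graph that links host, container, process, network and file layers so an investigator can pivot across them. The sample events, the node and relation names (RUNS, CONTAINS, SPAWNED, CONNECTED_TO, WROTE) and the "known-bad port" rule are all constructed assumptions for the example; only the ECS field names (event.category, process.pid, destination.ip, file.path, ...) follow the real schema.

```python
"""Toy hybrid knowledge graph over ECS-shaped kernel telemetry.

Added example (not from the paper): rule-based detection produces an alert,
the knowledge graph answers the cross-layer questions a rule cannot.
"""
from collections import defaultdict

# Constructed sample events, shaped as an ECS-normalizing kernel agent (eBPF/auditd-style)
# would emit them. Hosts, containers, PIDs, IP and path values are invented for the example.
EVENTS = [
    {"event": {"category": "process", "action": "start"}, "host": {"name": "node-a"},
     "container": {"id": "c1"}, "process": {"pid": 1000, "name": "sh", "parent": {"pid": 1}}},
    {"event": {"category": "file", "action": "write"}, "host": {"name": "node-a"},
     "container": {"id": "c1"}, "process": {"pid": 1000, "name": "sh"},
     "file": {"path": "/etc/cron.d/update"}},
    {"event": {"category": "process", "action": "start"}, "host": {"name": "node-a"},
     "container": {"id": "c1"}, "process": {"pid": 1001, "name": "curl", "parent": {"pid": 1000}}},
    {"event": {"category": "network", "action": "connect"}, "host": {"name": "node-a"},
     "container": {"id": "c1"}, "process": {"pid": 1001, "name": "curl"},
     "destination": {"ip": "203.0.113.5", "port": 4444}},
    {"event": {"category": "process", "action": "start"}, "host": {"name": "node-b"},
     "container": {"id": "c2"}, "process": {"pid": 2000, "name": "nginx", "parent": {"pid": 1}}},
]

SUSPICIOUS_PORTS = {4444}  # assumed watchlist for the example rule


def rule_outbound_to_suspicious_port(ev):
    """Rule-based detection: a single-event predicate over ECS fields."""
    return (ev["event"]["category"] == "network"
            and ev["event"]["action"] == "connect"
            and ev["destination"]["port"] in SUSPICIOUS_PORTS)


def detect(events, rules=(rule_outbound_to_suspicious_port,)):
    """Return the events on which at least one rule fires (the alerts)."""
    return [ev for ev in events if any(rule(ev) for rule in rules)]


class KnowledgeGraph:
    """Minimal typed, directed graph: nodes are (type, key) tuples, edges carry a relation."""

    def __init__(self):
        self.out = defaultdict(list)  # node -> [(relation, target)]
        self.inc = defaultdict(list)  # node -> [(relation, source)]

    def add(self, src, rel, dst):
        if (rel, dst) not in self.out[src]:  # dedupe: many events repeat host/container edges
            self.out[src].append((rel, dst))
            self.inc[dst].append((rel, src))

    def neighbours(self, node, rel=None, reverse=False):
        edges = self.inc[node] if reverse else self.out[node]
        return [n for r, n in edges if rel is None or r == rel]


def build_graph(events):
    """Project every ECS event onto graph edges spanning host, container, process, ip, file."""
    g = KnowledgeGraph()
    for ev in events:
        host = ("host", ev["host"]["name"])
        cont = ("container", ev["container"]["id"])
        proc = ("process", ev["process"]["pid"])
        g.add(host, "RUNS", cont)
        g.add(cont, "CONTAINS", proc)
        cat = ev["event"]["category"]
        if cat == "process" and "parent" in ev["process"]:
            g.add(("process", ev["process"]["parent"]["pid"]), "SPAWNED", proc)
        elif cat == "network":
            g.add(proc, "CONNECTED_TO", ("ip", ev["destination"]["ip"]))
        elif cat == "file":
            g.add(proc, "WROTE", ("file", ev["file"]["path"]))
    return g


def investigate(g, alert):
    """KG-assisted investigation: pivot from the alerted process across layers.

    The rule only saw one connect event; the graph answers which container and host
    it ran in, who spawned it, what that parent wrote, and which other processes share
    the container. That parent -> file hop is the cross-layer relation a per-event
    rule cannot express.
    """
    proc = ("process", alert["process"]["pid"])
    container = g.neighbours(proc, "CONTAINS", reverse=True)[0]
    host = g.neighbours(container, "RUNS", reverse=True)[0]
    parents = g.neighbours(proc, "SPAWNED", reverse=True)
    parent_files = [f for p in parents for f in g.neighbours(p, "WROTE")]
    siblings = [p for p in g.neighbours(container, "CONTAINS") if p != proc]
    remote_ips = g.neighbours(proc, "CONNECTED_TO")
    return {
        "host": host[1],
        "container": container[1],
        "parents": [p[1] for p in parents],
        "parent_files": [f[1] for f in parent_files],
        "siblings": [s[1] for s in siblings],
        "remote_ips": [ip[1] for ip in remote_ips],
    }


def run(events=EVENTS):
    """Full hybrid flow: detect with rules, then enrich each alert from the graph."""
    g = build_graph(events)
    return [(alert, investigate(g, alert)) for alert in detect(events)]


if __name__ == "__main__":
    for alert, context in run():
        print("ALERT pid", alert["process"]["pid"], "->", context)
```

In a real deployment the graph would be populated continuously from the ECS index and the pivots would be written as graph queries rather than hand-coded traversals, but the division of labour is the same as in the abstract: cheap single-event rules decide what to alert on, and the graph supplies the context that would otherwise be assembled by hand from several SIEM searches.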
| Publication year | 2025 |
|---|---|
| Citations | 0 |
| Country of publication | Algeria |
| Site | Springer |