{"id":"https://openalex.org/W4408324301","doi":"https://doi.org/10.1109/globecom52923.2024.10901578","title":"eBPF-Based Approach to Tracing System Calls and Predicting Privilege Escalation Attacks","display_name":"eBPF-Based Approach to Tracing System Calls and Predicting Privilege Escalation Attacks","publication_year":2024,"publication_date":"2024-12-08","ids":{"openalex":"https://openalex.org/W4408324301","doi":"https://doi.org/10.1109/globecom52923.2024.10901578"},"language":"en","primary_location":{"id":"doi:10.1109/globecom52923.2024.10901578","is_oa":false,"landing_page_url":"https://doi.org/10.1109/globecom52923.2024.10901578","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"GLOBECOM 2024 - 2024 IEEE Global Communications Conference","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5049667009","display_name":"F\u00e1bio Junior Bertinatto","orcid":null},"institutions":[{"id":"https://openalex.org/I130442723","display_name":"Universidade Federal do Rio Grande do Sul","ror":"https://ror.org/041yk2d64","country_code":"BR","type":"education","lineage":["https://openalex.org/I130442723"]}],"countries":["BR"],"is_corresponding":true,"raw_author_name":"F\u00e1bio Junior Bertinatto","raw_affiliation_strings":["Federal University of Rio Grande do Sul,Institute of Informatics,Porto Alegre,Brazil"],"affiliations":[{"raw_affiliation_string":"Federal University of Rio Grande do Sul,Institute of Informatics,Porto Alegre,Brazil","institution_ids":["https://openalex.org/I130442723"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5087336466","display_name":"Diego Almeida-Gal\u00e1rraga","orcid":"https://orcid.org/0000-0002-9196-335X"},"institutions":[{"id":"https://openalex.org/I130442723","display_name":"Universidade Federal do Rio Grande do Sul","ror":"https://ror.org/041yk2d64","country_code":"BR","type":"education","lineage":["https://openalex.org/I130442723"]}],"countries":["BR"],"is_corresponding":false,"raw_author_name":"Daniel Arioza Almeida","raw_affiliation_strings":["Federal University of Rio Grande do Sul,Institute of Informatics,Porto Alegre,Brazil"],"affiliations":[{"raw_affiliation_string":"Federal University of Rio Grande do Sul,Institute of Informatics,Porto Alegre,Brazil","institution_ids":["https://openalex.org/I130442723"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5072415351","display_name":"J\u00e9ferson Campos Nobre","orcid":"https://orcid.org/0000-0002-6275-6503"},"institutions":[{"id":"https://openalex.org/I130442723","display_name":"Universidade Federal do Rio Grande do Sul","ror":"https://ror.org/041yk2d64","country_code":"BR","type":"education","lineage":["https://openalex.org/I130442723"]}],"countries":["BR"],"is_corresponding":false,"raw_author_name":"J\u00e9ferson Nobre","raw_affiliation_strings":["Federal University of Rio Grande do Sul,Institute of Informatics,Porto Alegre,Brazil"],"affiliations":[{"raw_affiliation_string":"Federal University of Rio Grande do Sul,Institute of Informatics,Porto Alegre,Brazil","institution_ids":["https://openalex.org/I130442723"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5069321002","display_name":"Lisandro Zambenedetti Granville","orcid":"https://orcid.org/0000-0001-8956-8660"},"institutions":[{"id":"https://openalex.org/I130442723","display_name":"Universidade Federal do Rio Grande do Sul","ror":"https://ror.org/041yk2d64","country_code":"BR","type":"education","lineage":["https://openalex.org/I130442723"]}],"countries":["BR"],"is_corresponding":false,"raw_author_name":"Lisandro Z Granville","raw_affiliation_strings":["Federal University of Rio Grande do Sul,Institute of Informatics,Porto Alegre,Brazil"],"affiliations":[{"raw_affiliation_string":"Federal University of Rio Grande do Sul,Institute of Informatics,Porto Alegre,Brazil","institution_ids":["https://openalex.org/I130442723"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5049667009"],"corresponding_institution_ids":["https://openalex.org/I130442723"],"apc_list":null,"apc_paid":null,"fwci":0.3653,"has_fulltext":false,"cited_by_count":1,"citation_normalized_percentile":{"value":0.66983347,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":91,"max":95},"biblio":{"volume":null,"issue":null,"first_page":"3081","last_page":"3086"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9621000289916992,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9621000289916992,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7161152362823486},{"id":"https://openalex.org/keywords/tracing","display_name":"Tracing","score":0.7021377086639404},{"id":"https://openalex.org/keywords/privilege","display_name":"Privilege (computing)","score":0.6388326287269592},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.5016050338745117},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.34809091687202454},{"id":"https://openalex.org/keywords/real-time-computing","display_name":"Real-time computing","score":0.3292282819747925}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7161152362823486},{"id":"https://openalex.org/C138673069","wikidata":"https://www.wikidata.org/wiki/Q322229","display_name":"Tracing","level":2,"score":0.7021377086639404},{"id":"https://openalex.org/C2780138299","wikidata":"https://www.wikidata.org/wiki/Q3404265","display_name":"Privilege (computing)","level":2,"score":0.6388326287269592},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5016050338745117},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.34809091687202454},{"id":"https://openalex.org/C79403827","wikidata":"https://www.wikidata.org/wiki/Q3988","display_name":"Real-time computing","level":1,"score":0.3292282819747925}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/globecom52923.2024.10901578","is_oa":false,"landing_page_url":"https://doi.org/10.1109/globecom52923.2024.10901578","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"GLOBECOM 2024 - 2024 IEEE Global Communications Conference","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[{"id":"https://openalex.org/F4320321091","display_name":"Coordena\u00e7\u00e3o de Aperfei\u00e7oamento de Pessoal de N\u00edvel Superior","ror":"https://ror.org/00x0ma614"}],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":13,"referenced_works":["https://openalex.org/W1941427975","https://openalex.org/W1984350393","https://openalex.org/W2115348994","https://openalex.org/W2163030488","https://openalex.org/W2291034565","https://openalex.org/W2793353921","https://openalex.org/W2903038868","https://openalex.org/W4200120081","https://openalex.org/W4205556583","https://openalex.org/W4288064524","https://openalex.org/W6680653849","https://openalex.org/W6729130510","https://openalex.org/W6794299906"],"related_works":["https://openalex.org/W2374400535","https://openalex.org/W1603110617","https://openalex.org/W2108239983","https://openalex.org/W2892079901","https://openalex.org/W2940342784","https://openalex.org/W2888673113","https://openalex.org/W2134261832","https://openalex.org/W4385764548","https://openalex.org/W2056065966","https://openalex.org/W2378735042"],"abstract_inverted_index":{"The":[0],"extensive":[1],"adoption":[2],"of":[3,10,23,76],"containerized":[4,39,58,107,131],"applications":[5,40,59],"significantly":[6],"raises":[7],"the":[8,21,62,74,89],"criticality":[9],"managing":[11],"potential":[12],"vulnerabilities,":[13],"including":[14],"privilege":[15,67],"escalation":[16,68],"within":[17,70,105],"these":[18],"environments.":[19],"While":[20],"Bag":[22],"System":[24],"Calls":[25],"(BoSC)":[26],"is":[27,41],"a":[28,95,106,127],"common":[29],"technique":[30,64],"to":[31,53,65,119],"detect":[32],"such":[33],"attacks,":[34],"tracing":[35,101],"system":[36,55,78,132],"calls":[37,56],"in":[38,57,98],"often":[42],"inefficient":[43],"for":[44,130],"real-world":[45],"scenarios.":[46],"This":[47],"paper":[48],"proposes":[49],"an":[50],"eBPF-based":[51],"solution":[52,114],"trace":[54],"and":[60,82],"apply":[61],"BoSC":[63],"identify":[66],"attempts":[69],"containers.":[71],"We":[72],"analyzed":[73],"cost":[75],"different":[77],"call":[79],"hooking":[80],"methods":[81],"found":[83],"that":[84,112,123],"raw":[85],"tracepoint":[86],"programs":[87],"have":[88],"least":[90],"overhead.":[91],"Furthermore,":[92],"we":[93,110],"observed":[94],"slight":[96],"increase":[97],"overhead":[99],"when":[100],"all":[102],"executed":[103],"operations":[104],"application.":[108],"Finally,":[109],"confirmed":[111],"our":[113],"successfully":[115],"identifies":[116],"user":[117],"efforts":[118],"escape":[120],"containers,":[121],"concluding":[122],"eBPF":[124],"can":[125],"be":[126],"powerful":[128],"tool":[129],"security.":[133]},"counts_by_year":[{"year":2025,"cited_by_count":1}],"updated_date":"2025-12-28T23:10:05.387466","created_date":"2025-10-10T00:00:00"}