{"id":"https://openalex.org/W7126120136","doi":"https://doi.org/10.1109/nfv-sdn66355.2025.11349649","title":"CubeMig: MTD Live Migration in Kubernetes with LLM-Augmented Post-Incident Analysis","display_name":"CubeMig: MTD Live Migration in Kubernetes with LLM-Augmented Post-Incident Analysis","publication_year":2025,"publication_date":"2025-11-10","ids":{"openalex":"https://openalex.org/W7126120136","doi":"https://doi.org/10.1109/nfv-sdn66355.2025.11349649"},"language":"en","primary_location":{"id":"doi:10.1109/nfv-sdn66355.2025.11349649","is_oa":false,"landing_page_url":"https://doi.org/10.1109/nfv-sdn66355.2025.11349649","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2025 IEEE Conference on Network Function Virtualization and Software-Defined Networking (NFV-SDN)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://hdl.handle.net/11475/35409","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5124178888","display_name":"Michael Meier Azhari","orcid":null},"institutions":[{"id":"https://openalex.org/I858936495","display_name":"ZHAW Zurich University of Applied Sciences","ror":"https://ror.org/05pmsvm27","country_code":"CH","type":"education","lineage":["https://openalex.org/I858936495"]}],"countries":["CH"],"is_corresponding":true,"raw_author_name":"Michael Meier Azhari","raw_affiliation_strings":["Zurich University of Applied Sciences (ZHAW),Switzerland"],"affiliations":[{"raw_affiliation_string":"Zurich University of Applied Sciences (ZHAW),Switzerland","institution_ids":["https://openalex.org/I858936495"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5090025398","display_name":"Wissem Soussi","orcid":"https://orcid.org/0000-0001-7493-4816"},"institutions":[{"id":"https://openalex.org/I858936495","display_name":"ZHAW Zurich University of Applied Sciences","ror":"https://ror.org/05pmsvm27","country_code":"CH","type":"education","lineage":["https://openalex.org/I858936495"]}],"countries":["CH"],"is_corresponding":false,"raw_author_name":"Wissem Soussi","raw_affiliation_strings":["Zurich University of Applied Sciences (ZHAW),Switzerland"],"affiliations":[{"raw_affiliation_string":"Zurich University of Applied Sciences (ZHAW),Switzerland","institution_ids":["https://openalex.org/I858936495"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5124091341","display_name":"G\u00fcrkan G\u00fcr","orcid":null},"institutions":[{"id":"https://openalex.org/I858936495","display_name":"ZHAW Zurich University of Applied Sciences","ror":"https://ror.org/05pmsvm27","country_code":"CH","type":"education","lineage":["https://openalex.org/I858936495"]}],"countries":["CH"],"is_corresponding":false,"raw_author_name":"G\u00fcrkan G\u00fcr","raw_affiliation_strings":["Zurich University of Applied Sciences (ZHAW),Switzerland"],"affiliations":[{"raw_affiliation_string":"Zurich University of Applied Sciences (ZHAW),Switzerland","institution_ids":["https://openalex.org/I858936495"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5124178888"],"corresponding_institution_ids":["https://openalex.org/I858936495"],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.84351793,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":"1","last_page":"6"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.5839999914169312,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.5839999914169312,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.1225999966263771,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12127","display_name":"Software System Performance and Reliability","score":0.09989999979734421,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/resilience","display_name":"Resilience (materials science)","score":0.6438999772071838},{"id":"https://openalex.org/keywords/process","display_name":"Process (computing)","score":0.5999000072479248},{"id":"https://openalex.org/keywords/container","display_name":"Container (type theory)","score":0.589900016784668},{"id":"https://openalex.org/keywords/security-analysis","display_name":"Security analysis","score":0.4203999936580658},{"id":"https://openalex.org/keywords/intrusion-detection-system","display_name":"Intrusion detection system","score":0.3919999897480011},{"id":"https://openalex.org/keywords/kernel","display_name":"Kernel (algebra)","score":0.30979999899864197}],"concepts":[{"id":"https://openalex.org/C2779585090","wikidata":"https://www.wikidata.org/wiki/Q3457762","display_name":"Resilience (materials science)","level":2,"score":0.6438999772071838},{"id":"https://openalex.org/C98045186","wikidata":"https://www.wikidata.org/wiki/Q205663","display_name":"Process (computing)","level":2,"score":0.5999000072479248},{"id":"https://openalex.org/C2781018962","wikidata":"https://www.wikidata.org/wiki/Q5164884","display_name":"Container (type theory)","level":2,"score":0.589900016784668},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.5742999911308289},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5673999786376953},{"id":"https://openalex.org/C38369872","wikidata":"https://www.wikidata.org/wiki/Q7445009","display_name":"Security analysis","level":2,"score":0.4203999936580658},{"id":"https://openalex.org/C35525427","wikidata":"https://www.wikidata.org/wiki/Q745881","display_name":"Intrusion detection system","level":2,"score":0.3919999897480011},{"id":"https://openalex.org/C74193536","wikidata":"https://www.wikidata.org/wiki/Q574844","display_name":"Kernel (algebra)","level":2,"score":0.30979999899864197},{"id":"https://openalex.org/C26517878","wikidata":"https://www.wikidata.org/wiki/Q228039","display_name":"Key (lock)","level":2,"score":0.29330000281333923},{"id":"https://openalex.org/C10144332","wikidata":"https://www.wikidata.org/wiki/Q14645","display_name":"Rootkit","level":3,"score":0.29019999504089355},{"id":"https://openalex.org/C2776987312","wikidata":"https://www.wikidata.org/wiki/Q19693316","display_name":"First responder","level":2,"score":0.28790000081062317},{"id":"https://openalex.org/C3018260909","wikidata":"https://www.wikidata.org/wiki/Q1322871","display_name":"Exploratory analysis","level":2,"score":0.287200003862381},{"id":"https://openalex.org/C97686452","wikidata":"https://www.wikidata.org/wiki/Q7604153","display_name":"Static analysis","level":2,"score":0.2833999991416931},{"id":"https://openalex.org/C127413603","wikidata":"https://www.wikidata.org/wiki/Q11023","display_name":"Engineering","level":0,"score":0.28189998865127563},{"id":"https://openalex.org/C112930515","wikidata":"https://www.wikidata.org/wiki/Q4389547","display_name":"Risk analysis (engineering)","level":1,"score":0.2718999981880188},{"id":"https://openalex.org/C2779662365","wikidata":"https://www.wikidata.org/wiki/Q5416694","display_name":"Event (particle physics)","level":2,"score":0.25099998712539673}],"mesh":[],"locations_count":3,"locations":[{"id":"doi:10.1109/nfv-sdn66355.2025.11349649","is_oa":false,"landing_page_url":"https://doi.org/10.1109/nfv-sdn66355.2025.11349649","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2025 IEEE Conference on Network Function Virtualization and Software-Defined Networking (NFV-SDN)","raw_type":"proceedings-article"},{"id":"pmh:doi:10.21256/zhaw-35409","is_oa":false,"landing_page_url":null,"pdf_url":null,"source":{"id":"https://openalex.org/S4406922384","display_name":"Open MIND","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"Conference Paper"},{"id":"pmh:oai:digitalcollection.zhaw.ch:11475/35409","is_oa":true,"landing_page_url":"https://hdl.handle.net/11475/35409","pdf_url":null,"source":{"id":"https://openalex.org/S4306401810","display_name":"Z\u00fcrcher Hochschule f\u00fcr Angewandte Wissenschaften digital collection (Zurich University of Applied Sciences)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I200744771","host_organization_name":"ZHAW Zurich University of Applied Sciences","host_organization_lineage":["https://openalex.org/I200744771"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by-nc-nd","license_id":"https://openalex.org/licenses/cc-by-nc-nd","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"Text"}],"best_oa_location":{"id":"pmh:oai:digitalcollection.zhaw.ch:11475/35409","is_oa":true,"landing_page_url":"https://hdl.handle.net/11475/35409","pdf_url":null,"source":{"id":"https://openalex.org/S4306401810","display_name":"Z\u00fcrcher Hochschule f\u00fcr Angewandte Wissenschaften digital collection (Zurich University of Applied Sciences)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I200744771","host_organization_name":"ZHAW Zurich University of Applied Sciences","host_organization_lineage":["https://openalex.org/I200744771"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by-nc-nd","license_id":"https://openalex.org/licenses/cc-by-nc-nd","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"Text"},"sustainable_development_goals":[{"score":0.614612340927124,"id":"https://metadata.un.org/sdg/10","display_name":"Reduced inequalities"}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":14,"referenced_works":["https://openalex.org/W1986495842","https://openalex.org/W2554427106","https://openalex.org/W2903945215","https://openalex.org/W2914370086","https://openalex.org/W2918753059","https://openalex.org/W2996903041","https://openalex.org/W3068817550","https://openalex.org/W4323646125","https://openalex.org/W4381745013","https://openalex.org/W4402811628","https://openalex.org/W4402835514","https://openalex.org/W4403600598","https://openalex.org/W4404387326","https://openalex.org/W4414538701"],"related_works":[],"abstract_inverted_index":{"Future":[0],"networks":[1],"are":[2],"expected":[3],"to":[4,25,33,59,125,148,152],"rely":[5],"heavily":[6],"on":[7,83],"cloud-native":[8],"technologies.":[9],"However,":[10],"the":[11,66,84,87,93,99,112,122,137,145],"security":[12,27,132],"and":[13,97,129,150,162],"resilience":[14],"of":[15,39,86],"those":[16],"systems":[17],"deserve":[18],"more":[19],"attention.":[20],"CubeMig":[21,46],"presents":[22],"an":[23,71],"approach":[24],"enhancing":[26],"in":[28,62,101,140],"Kubernetes":[29],"environments,":[30],"enabling":[31],"pods":[32],"live":[34,54],"migrate,":[35],"leveraged":[36],"as":[37,56,156],"part":[38],"a":[40,57,102,141],"Moving":[41],"Target":[42],"Defense":[43],"(MTD)":[44],"strategy.":[45],"showcases":[47],"reactive":[48],"defensive":[49],"mechanisms":[50],"by":[51],"incorporating":[52],"automated":[53],"migrations":[55],"response":[58],"threats":[60],"detected":[61],"near":[63],"real-time":[64],"at":[65],"OS":[67],"kernel":[68],"level,":[69],"using":[70,116],"eBPF-based":[72],"approach.":[73],"The":[74],"mitigation":[75],"process":[76],"is":[77],"further":[78,106],"enhanced":[79],"with":[80],"forensic":[81,113,123],"analysis":[82,114,120],"checkpoint":[85],"migrated":[88],"container,":[89],"providing":[90,130],"insights":[91],"into":[92],"compromised":[94],"containers":[95],"offline":[96],"instantiating":[98],"container":[100],"sandboxed":[103],"environment":[104],"for":[105],"online":[107],"analysis.":[108],"Finally,":[109],"we":[110],"augment":[111],"output":[115],"LLMs,":[117],"generating":[118],"human-explainable":[119],"from":[121],"logs":[124],"support":[126],"post-incident":[127],"investigation":[128],"relevant":[131],"recommendations.":[133],"Experimental":[134],"results":[135],"validate":[136],"approach\u2019s":[138],"effectiveness":[139],"human-in-the-loop":[142],"setting,":[143],"showcasing":[144],"system\u2019s":[146],"ability":[147],"detect":[149],"respond":[151],"attack":[153],"scenarios":[154],"such":[155],"reverse":[157],"shell":[158],"execution,":[159],"log":[160],"tampering,":[161],"system":[163],"destruction.":[164]},"counts_by_year":[],"updated_date":"2026-04-04T16:13:02.066488","created_date":"2026-01-30T00:00:00"}