{"id":"https://openalex.org/W7125611776","doi":"https://doi.org/10.1109/tcc.2026.3657486","title":"Container-Specific Service Mesh-Based System for Mitigating Lateral Movement Attacks","display_name":"Container-Specific Service Mesh-Based System for Mitigating Lateral Movement Attacks","publication_year":2026,"publication_date":"2026-01-01","ids":{"openalex":"https://openalex.org/W7125611776","doi":"https://doi.org/10.1109/tcc.2026.3657486"},"language":null,"primary_location":{"id":"doi:10.1109/tcc.2026.3657486","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tcc.2026.3657486","pdf_url":null,"source":{"id":"https://openalex.org/S2492498579","display_name":"IEEE Transactions on Cloud Computing","issn_l":"2168-7161","issn":["2168-7161","2372-0018"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Cloud Computing","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5123733049","display_name":"Geonwoo Yoon","orcid":null},"institutions":[{"id":"https://openalex.org/I4921948","display_name":"Pusan National University","ror":"https://ror.org/01an57a31","country_code":"KR","type":"education","lineage":["https://openalex.org/I4921948"]}],"countries":["KR"],"is_corresponding":true,"raw_author_name":"Geonwoo Yoon","raw_affiliation_strings":["School of Computer Science and Engineering, Pusan National University, Busan, Republic of Korea"],"raw_orcid":"https://orcid.org/0009-0006-6092-1217","affiliations":[{"raw_affiliation_string":"School of Computer Science and Engineering, Pusan National University, Busan, Republic of Korea","institution_ids":["https://openalex.org/I4921948"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5023643663","display_name":"Jinmyeong Shin","orcid":"https://orcid.org/0000-0001-8580-6887"},"institutions":[{"id":"https://openalex.org/I156087764","display_name":"University of California, Merced","ror":"https://ror.org/00d9ah105","country_code":"US","type":"education","lineage":["https://openalex.org/I156087764"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Jinmyeong Shin","raw_affiliation_strings":["Department of Computer Science and Engineering, University of California, Merced, CA, USA"],"raw_orcid":"https://orcid.org/0000-0001-8580-6887","affiliations":[{"raw_affiliation_string":"Department of Computer Science and Engineering, University of California, Merced, CA, USA","institution_ids":["https://openalex.org/I156087764"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5076607185","display_name":"Jae-Seok Kim","orcid":"https://orcid.org/0000-0001-7728-2278"},"institutions":[{"id":"https://openalex.org/I4921948","display_name":"Pusan National University","ror":"https://ror.org/01an57a31","country_code":"KR","type":"education","lineage":["https://openalex.org/I4921948"]}],"countries":["KR"],"is_corresponding":false,"raw_author_name":"Jae-Seok Kim","raw_affiliation_strings":["School of Computer Science and Engineering, Pusan National University, Busan, Republic of Korea"],"raw_orcid":"https://orcid.org/0000-0001-7728-2278","affiliations":[{"raw_affiliation_string":"School of Computer Science and Engineering, Pusan National University, Busan, Republic of Korea","institution_ids":["https://openalex.org/I4921948"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5090008217","display_name":"S.H. Kim","orcid":"https://orcid.org/0009-0004-5089-4580"},"institutions":[{"id":"https://openalex.org/I4921948","display_name":"Pusan National University","ror":"https://ror.org/01an57a31","country_code":"KR","type":"education","lineage":["https://openalex.org/I4921948"]}],"countries":["KR"],"is_corresponding":false,"raw_author_name":"Seunghyuk Kim","raw_affiliation_strings":["School of Computer Science and Engineering, Pusan National University, Busan, Republic of Korea"],"raw_orcid":"https://orcid.org/0009-0004-5089-4580","affiliations":[{"raw_affiliation_string":"School of Computer Science and Engineering, Pusan National University, Busan, Republic of Korea","institution_ids":["https://openalex.org/I4921948"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5001982221","display_name":"Jaeyoung Jeong","orcid":"https://orcid.org/0009-0007-7809-5686"},"institutions":[{"id":"https://openalex.org/I4921948","display_name":"Pusan National University","ror":"https://ror.org/01an57a31","country_code":"KR","type":"education","lineage":["https://openalex.org/I4921948"]}],"countries":["KR"],"is_corresponding":false,"raw_author_name":"Jaeyoung Jeong","raw_affiliation_strings":["School of Computer Science and Engineering, Pusan National University, Busan, Republic of Korea"],"raw_orcid":"https://orcid.org/0009-0007-7809-5686","affiliations":[{"raw_affiliation_string":"School of Computer Science and Engineering, Pusan National University, Busan, Republic of Korea","institution_ids":["https://openalex.org/I4921948"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5068130953","display_name":"Yoon-Ho Choi","orcid":"https://orcid.org/0000-0002-3556-5082"},"institutions":[{"id":"https://openalex.org/I4921948","display_name":"Pusan National University","ror":"https://ror.org/01an57a31","country_code":"KR","type":"education","lineage":["https://openalex.org/I4921948"]}],"countries":["KR"],"is_corresponding":false,"raw_author_name":"Yoon-Ho Choi","raw_affiliation_strings":["School of Computer Science and Engineering, Pusan National University, Busan, Republic of Korea"],"raw_orcid":"https://orcid.org/0000-0002-3556-5082","affiliations":[{"raw_affiliation_string":"School of Computer Science and Engineering, Pusan National University, Busan, Republic of Korea","institution_ids":["https://openalex.org/I4921948"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":6,"corresponding_author_ids":["https://openalex.org/A5123733049"],"corresponding_institution_ids":["https://openalex.org/I4921948"],"apc_list":null,"apc_paid":null,"fwci":32.0262,"has_fulltext":false,"cited_by_count":1,"citation_normalized_percentile":{"value":0.98834409,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":96,"max":98},"biblio":{"volume":"14","issue":"1","first_page":"92","last_page":"109"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T12127","display_name":"Software System Performance and Reliability","score":0.8525000214576721,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T12127","display_name":"Software System Performance and Reliability","score":0.8525000214576721,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.10459999740123749,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.014600000344216824,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/system-call","display_name":"System call","score":0.6276999711990356},{"id":"https://openalex.org/keywords/anomaly-detection","display_name":"Anomaly detection","score":0.6078000068664551},{"id":"https://openalex.org/keywords/cloud-computing","display_name":"Cloud computing","score":0.5375999808311462},{"id":"https://openalex.org/keywords/adaptability","display_name":"Adaptability","score":0.5325999855995178},{"id":"https://openalex.org/keywords/container","display_name":"Container (type theory)","score":0.5281999707221985},{"id":"https://openalex.org/keywords/process","display_name":"Process (computing)","score":0.46160000562667847},{"id":"https://openalex.org/keywords/adversary","display_name":"Adversary","score":0.4147999882698059},{"id":"https://openalex.org/keywords/data-collection","display_name":"Data collection","score":0.38040000200271606},{"id":"https://openalex.org/keywords/offline-learning","display_name":"Offline learning","score":0.3702999949455261}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7766000032424927},{"id":"https://openalex.org/C2778579508","wikidata":"https://www.wikidata.org/wiki/Q722192","display_name":"System call","level":2,"score":0.6276999711990356},{"id":"https://openalex.org/C739882","wikidata":"https://www.wikidata.org/wiki/Q3560506","display_name":"Anomaly detection","level":2,"score":0.6078000068664551},{"id":"https://openalex.org/C79974875","wikidata":"https://www.wikidata.org/wiki/Q483639","display_name":"Cloud computing","level":2,"score":0.5375999808311462},{"id":"https://openalex.org/C177606310","wikidata":"https://www.wikidata.org/wiki/Q5674297","display_name":"Adaptability","level":2,"score":0.5325999855995178},{"id":"https://openalex.org/C2781018962","wikidata":"https://www.wikidata.org/wiki/Q5164884","display_name":"Container (type theory)","level":2,"score":0.5281999707221985},{"id":"https://openalex.org/C98045186","wikidata":"https://www.wikidata.org/wiki/Q205663","display_name":"Process (computing)","level":2,"score":0.46160000562667847},{"id":"https://openalex.org/C79403827","wikidata":"https://www.wikidata.org/wiki/Q3988","display_name":"Real-time computing","level":1,"score":0.4207000136375427},{"id":"https://openalex.org/C41065033","wikidata":"https://www.wikidata.org/wiki/Q2825412","display_name":"Adversary","level":2,"score":0.4147999882698059},{"id":"https://openalex.org/C133462117","wikidata":"https://www.wikidata.org/wiki/Q4929239","display_name":"Data collection","level":2,"score":0.38040000200271606},{"id":"https://openalex.org/C2780490138","wikidata":"https://www.wikidata.org/wiki/Q7079636","display_name":"Offline learning","level":3,"score":0.3702999949455261},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.35199999809265137},{"id":"https://openalex.org/C8038995","wikidata":"https://www.wikidata.org/wiki/Q1152135","display_name":"Unsupervised learning","level":2,"score":0.35040000081062317},{"id":"https://openalex.org/C26517878","wikidata":"https://www.wikidata.org/wiki/Q228039","display_name":"Key (lock)","level":2,"score":0.34860000014305115},{"id":"https://openalex.org/C2780378061","wikidata":"https://www.wikidata.org/wiki/Q25351891","display_name":"Service (business)","level":2,"score":0.34860000014305115},{"id":"https://openalex.org/C115903097","wikidata":"https://www.wikidata.org/wiki/Q7094097","display_name":"Online machine learning","level":3,"score":0.34450000524520874},{"id":"https://openalex.org/C2986087404","wikidata":"https://www.wikidata.org/wiki/Q15946010","display_name":"Online learning","level":2,"score":0.3425999879837036},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.334199994802475},{"id":"https://openalex.org/C73555534","wikidata":"https://www.wikidata.org/wiki/Q622825","display_name":"Cluster analysis","level":2,"score":0.33079999685287476},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.3228999972343445},{"id":"https://openalex.org/C2775941552","wikidata":"https://www.wikidata.org/wiki/Q25212305","display_name":"Isolation (microbiology)","level":2,"score":0.32190001010894775},{"id":"https://openalex.org/C35525427","wikidata":"https://www.wikidata.org/wiki/Q745881","display_name":"Intrusion detection system","level":2,"score":0.3165000081062317},{"id":"https://openalex.org/C52622490","wikidata":"https://www.wikidata.org/wiki/Q1026626","display_name":"Feature extraction","level":2,"score":0.3149999976158142},{"id":"https://openalex.org/C2780148112","wikidata":"https://www.wikidata.org/wiki/Q1432581","display_name":"Proxy (statistics)","level":2,"score":0.31290000677108765},{"id":"https://openalex.org/C93996380","wikidata":"https://www.wikidata.org/wiki/Q44127","display_name":"Server","level":2,"score":0.3075000047683716},{"id":"https://openalex.org/C15587899","wikidata":"https://www.wikidata.org/wiki/Q7455812","display_name":"Service system","level":3,"score":0.30399999022483826},{"id":"https://openalex.org/C196921405","wikidata":"https://www.wikidata.org/wiki/Q786431","display_name":"Online algorithm","level":2,"score":0.2793000042438507},{"id":"https://openalex.org/C38822068","wikidata":"https://www.wikidata.org/wiki/Q131406","display_name":"Denial-of-service attack","level":3,"score":0.2782000005245209},{"id":"https://openalex.org/C2777852691","wikidata":"https://www.wikidata.org/wiki/Q13430821","display_name":"Crowds","level":2,"score":0.26190000772476196},{"id":"https://openalex.org/C120314980","wikidata":"https://www.wikidata.org/wiki/Q180634","display_name":"Distributed computing","level":1,"score":0.25769999623298645}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/tcc.2026.3657486","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tcc.2026.3657486","pdf_url":null,"source":{"id":"https://openalex.org/S2492498579","display_name":"IEEE Transactions on Cloud Computing","issn_l":"2168-7161","issn":["2168-7161","2372-0018"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Cloud Computing","raw_type":"journal-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":26,"referenced_works":["https://openalex.org/W2167240430","https://openalex.org/W2767094836","https://openalex.org/W2774761221","https://openalex.org/W2936268283","https://openalex.org/W2944096373","https://openalex.org/W2963273426","https://openalex.org/W2983055711","https://openalex.org/W3001760383","https://openalex.org/W3083881008","https://openalex.org/W3094094693","https://openalex.org/W3115999986","https://openalex.org/W3172037816","https://openalex.org/W3198256924","https://openalex.org/W4224933758","https://openalex.org/W4226043146","https://openalex.org/W4288057803","https://openalex.org/W4315480688","https://openalex.org/W4360851419","https://openalex.org/W4386275779","https://openalex.org/W4387140680","https://openalex.org/W4387583587","https://openalex.org/W4401929209","https://openalex.org/W4402264131","https://openalex.org/W4404386119","https://openalex.org/W4414231886","https://openalex.org/W7125611776"],"related_works":[],"abstract_inverted_index":{"The":[0,104],"dynamic":[1],"nature":[2],"of":[3,52,67,94,110],"containers":[4,69],"within":[5],"a":[6,50,86,118,146,155],"Kubernetes":[7],"cluster":[8],"substantially":[9],"expands":[10],"the":[11,62,173,179,214],"potential":[12],"attack":[13],"surface.":[14],"In":[15],"particular,":[16],"lateral":[17,33],"movement":[18,34],"attacks":[19],"enable":[20],"adversaries":[21],"to":[22,60,73,209,237],"compromise":[23],"additional":[24],"subsystems":[25],"after":[26],"gaining":[27],"initial":[28],"access.":[29],"To":[30,80],"defend":[31],"against":[32],"attacks,":[35],"most":[36],"anomaly":[37,132,163],"detection":[38,133,164,232],"methods":[39,58],"rely":[40],"on":[41],"offline":[42,56,221],"learning":[43,57,93,142,158,167,217,222],"using":[44],"system":[45,64,90,96,108,120,169,182,188,226],"call":[46,65,97,121,170,183,189,227],"data":[47],"accumulated":[48],"over":[49,244],"period":[51],"time.":[53,245],"However,":[54],"such":[55],"struggle":[59],"capture":[61],"unique":[63],"patterns":[66,98],"individual":[68],"and":[70,134,144,153,198,229],"lack":[71],"adaptability":[72],"changes":[74,239],"caused":[75,240],"by":[76,166,192,203,234,241],"frequent":[77],"container":[78,135,148,242],"updates.":[79],"address":[81],"these":[82],"limitations,":[83],"we":[84,176],"propose":[85],"new":[87],"service":[88,106],"mesh-based":[89,107],"for":[91,127,149],"online":[92,157,216],"container-specific":[95,156,215],"observed":[99,168],"under":[100],"cloud-native":[101],"microservice":[102],"environments.":[103],"proposed":[105,180],"consists":[109],"three":[111],"key":[112],"functional":[113],"processes":[114],"as":[115,193,195,204,206],"follows:":[116],"(i)":[117],"zero-copy-based":[119,181],"collection":[122,184,190],"process,":[123,137,159],"which":[124,138,160],"leverages":[125,145],"eBPF":[126],"efficient":[128],"monitoring;":[129],"(ii)":[130],"an":[131],"isolation":[136],"employs":[139],"lightweight":[140],"machine":[141],"models,":[143],"proxy":[147],"swift":[150],"traffic":[151],"control;":[152],"(iii)":[154],"continuously":[161,235],"updates":[162,243],"models":[165],"sequences.":[171],"From":[172],"experimental":[174],"results,":[175],"show":[177],"that":[178],"process":[185,218],"significantly":[186],"improves":[187],"speeds":[191],"much":[194,205],"4.5":[196],"times":[197],"shows":[199],"lower":[200],"CPU":[201],"usage":[202],"half":[207],"compared":[208],"other":[210],"state-of-the-art":[211],"methods.":[212],"Furthermore,":[213],"consistently":[219],"outperforms":[220],"approaches":[223],"across":[224],"various":[225],"datasets":[228],"maintains":[230],"stable":[231],"performance":[233],"adapting":[236],"behavioral":[238]},"counts_by_year":[{"year":2026,"cited_by_count":1}],"updated_date":"2026-05-05T08:41:31.759640","created_date":"2026-01-25T00:00:00"}