{"id":"https://openalex.org/W3110723107","doi":"https://doi.org/10.1145/3427228.3427236","title":"CDL: Classified Distributed Learning for Detecting Security Attacks in Containerized Applications","display_name":"CDL: Classified Distributed Learning for Detecting Security Attacks in Containerized Applications","publication_year":2020,"publication_date":"2020-12-07","ids":{"openalex":"https://openalex.org/W3110723107","doi":"https://doi.org/10.1145/3427228.3427236","mag":"3110723107"},"language":"en","primary_location":{"id":"doi:10.1145/3427228.3427236","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3427228.3427236","pdf_url":null,"source":{"id":"https://openalex.org/S4306417673","display_name":"Annual Computer Security Applications Conference","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"conference"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Annual Computer Security Applications Conference","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5016611001","display_name":"Yuhang Lin","orcid":"https://orcid.org/0000-0001-9446-2625"},"institutions":[{"id":"https://openalex.org/I137902535","display_name":"North Carolina State University","ror":"https://ror.org/04tj63d06","country_code":"US","type":"education","lineage":["https://openalex.org/I137902535"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Yuhang Lin","raw_affiliation_strings":["North Carolina State University, United States of America"],"affiliations":[{"raw_affiliation_string":"North Carolina State University, United States of America","institution_ids":["https://openalex.org/I137902535"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5072717905","display_name":"Olufogorehan Tunde-Onadele","orcid":"https://orcid.org/0009-0000-7996-2939"},"institutions":[{"id":"https://openalex.org/I137902535","display_name":"North Carolina State University","ror":"https://ror.org/04tj63d06","country_code":"US","type":"education","lineage":["https://openalex.org/I137902535"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Olufogorehan Tunde-Onadele","raw_affiliation_strings":["North Carolina State University"],"affiliations":[{"raw_affiliation_string":"North Carolina State University","institution_ids":["https://openalex.org/I137902535"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5102976136","display_name":"Xiaohui Gu","orcid":"https://orcid.org/0000-0001-8811-0084"},"institutions":[{"id":"https://openalex.org/I137902535","display_name":"North Carolina State University","ror":"https://ror.org/04tj63d06","country_code":"US","type":"education","lineage":["https://openalex.org/I137902535"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Xiaohui Gu","raw_affiliation_strings":["North Carolina State University"],"affiliations":[{"raw_affiliation_string":"North Carolina State University","institution_ids":["https://openalex.org/I137902535"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5016611001"],"corresponding_institution_ids":["https://openalex.org/I137902535"],"apc_list":null,"apc_paid":null,"fwci":3.6101,"has_fulltext":false,"cited_by_count":23,"citation_normalized_percentile":{"value":0.93910561,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":93,"max":99},"biblio":{"volume":null,"issue":null,"first_page":"179","last_page":"188"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9995999932289124,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12127","display_name":"Software System Performance and Reliability","score":0.9983000159263611,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7900447845458984},{"id":"https://openalex.org/keywords/anomaly-detection","display_name":"Anomaly detection","score":0.7420911192893982},{"id":"https://openalex.org/keywords/overhead","display_name":"Overhead (engineering)","score":0.636942982673645},{"id":"https://openalex.org/keywords/container","display_name":"Container (type theory)","score":0.4634110629558563},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.4220791161060333},{"id":"https://openalex.org/keywords/distributed-computing","display_name":"Distributed computing","score":0.4082051217556},{"id":"https://openalex.org/keywords/real-time-computing","display_name":"Real-time computing","score":0.3342209458351135},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.3274708390235901},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.24271973967552185},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.21547773480415344},{"id":"https://openalex.org/keywords/engineering","display_name":"Engineering","score":0.0776861310005188}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7900447845458984},{"id":"https://openalex.org/C739882","wikidata":"https://www.wikidata.org/wiki/Q3560506","display_name":"Anomaly detection","level":2,"score":0.7420911192893982},{"id":"https://openalex.org/C2779960059","wikidata":"https://www.wikidata.org/wiki/Q7113681","display_name":"Overhead (engineering)","level":2,"score":0.636942982673645},{"id":"https://openalex.org/C2781018962","wikidata":"https://www.wikidata.org/wiki/Q5164884","display_name":"Container (type theory)","level":2,"score":0.4634110629558563},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.4220791161060333},{"id":"https://openalex.org/C120314980","wikidata":"https://www.wikidata.org/wiki/Q180634","display_name":"Distributed computing","level":1,"score":0.4082051217556},{"id":"https://openalex.org/C79403827","wikidata":"https://www.wikidata.org/wiki/Q3988","display_name":"Real-time computing","level":1,"score":0.3342209458351135},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.3274708390235901},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.24271973967552185},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.21547773480415344},{"id":"https://openalex.org/C127413603","wikidata":"https://www.wikidata.org/wiki/Q11023","display_name":"Engineering","level":0,"score":0.0776861310005188},{"id":"https://openalex.org/C78519656","wikidata":"https://www.wikidata.org/wiki/Q101333","display_name":"Mechanical engineering","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3427228.3427236","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3427228.3427236","pdf_url":null,"source":{"id":"https://openalex.org/S4306417673","display_name":"Annual Computer Security Applications Conference","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"conference"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Annual Computer Security Applications Conference","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":25,"referenced_works":["https://openalex.org/W433644524","https://openalex.org/W1930624869","https://openalex.org/W2016305672","https://openalex.org/W2078799390","https://openalex.org/W2101153329","https://openalex.org/W2118372007","https://openalex.org/W2119002676","https://openalex.org/W2127979711","https://openalex.org/W2139866548","https://openalex.org/W2291034565","https://openalex.org/W2561208905","https://openalex.org/W2579247884","https://openalex.org/W2598200822","https://openalex.org/W2744226525","https://openalex.org/W2783751309","https://openalex.org/W2792590405","https://openalex.org/W2902455138","https://openalex.org/W2902718458","https://openalex.org/W2903126489","https://openalex.org/W2922569945","https://openalex.org/W2963803379","https://openalex.org/W2964261056","https://openalex.org/W2968031544","https://openalex.org/W2970825779","https://openalex.org/W3136767761"],"related_works":["https://openalex.org/W2367301169","https://openalex.org/W2974221847","https://openalex.org/W2352134912","https://openalex.org/W2055230095","https://openalex.org/W4234742569","https://openalex.org/W2001079144","https://openalex.org/W2480624181","https://openalex.org/W4376623838","https://openalex.org/W1995656050","https://openalex.org/W2048054615"],"abstract_inverted_index":{"Containers":[0],"have":[1,20,95],"been":[2],"widely":[3],"adopted":[4],"in":[5,91,110],"production":[6],"computing":[7],"environments":[8],"for":[9,62,82,179],"its":[10],"efficiency":[11],"and":[12,38,70,101,176],"low":[13],"overhead":[14],"of":[15,77,99],"isolation.":[16],"However,":[17],"recent":[18],"studies":[19],"shown":[21],"that":[22,120],"containerized":[23,32,63],"applications":[24,33],"are":[25,34],"prone":[26],"to":[27,56,73,131,134,161],"various":[28],"security":[29,59],"attacks.":[30],"Moreover,":[31],"often":[35],"highly":[36],"dynamic":[37,83],"short-lived,":[39],"which":[40,171],"further":[41],"exacerbates":[42],"the":[43,75,124,154],"problem.":[44],"In":[45],"this":[46],"paper,":[47],"we":[48],"present":[49],"CDL,":[50],"a":[51,97,184],"classified":[52],"distributed":[53],"learning":[54],"framework":[55],"achieve":[57],"efficient":[58],"attack":[60],"detection":[61,72,137,155,178],"applications.":[64,93,115],"CDL":[65,100,121,151,168],"integrates":[66],"online":[67],"application":[68,145,174],"classification":[69,146,175],"anomaly":[71,136,177],"overcome":[74],"challenge":[76],"lacking":[78],"sufficient":[79],"training":[80,141],"data":[81,181],"short-lived":[84],"containers":[85],"while":[86],"considering":[87],"diversified":[88],"normal":[89],"behaviors":[90],"different":[92],"We":[94],"implemented":[96],"prototype":[98],"evaluated":[102],"it":[103],"over":[104,129],"33":[105],"real":[106],"world":[107],"vulnerability":[108],"attacks":[109,160,163,166],"24":[111],"commonly":[112],"used":[113],"server":[114],"Our":[116],"experimental":[117],"results":[118],"show":[119],"can":[122,152,172],"reduce":[123],"false":[125],"positive":[126],"rate":[127,156],"from":[128,157],"12%":[130],"0.24%":[132],"compared":[133],"traditional":[135],"schemes":[138],"without":[139],"aggregating":[140],"data.":[142],"By":[143],"introducing":[144],"into":[147],"container":[148],"behavior":[149],"learning,":[150],"improve":[153],"catching":[158],"20":[159],"31":[162],"before":[164],"those":[165],"succeed.":[167],"is":[169],"light-weight,":[170],"complete":[173],"each":[180],"sample":[182],"within":[183],"few":[185],"milliseconds.":[186]},"counts_by_year":[{"year":2025,"cited_by_count":6},{"year":2024,"cited_by_count":4},{"year":2023,"cited_by_count":7},{"year":2022,"cited_by_count":4},{"year":2021,"cited_by_count":2}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}