[1]谢兆贤,倪冰雪,王若冰.基于异常检测 Docker 容器的监控系统研究[J].计算机技术与发展,2022,32(06):131-137.[doi:10. 3969 / j. issn. 1673-629X. 2022. 06. 022]
 XIE Zhao-xian,NI Bing-xue*,WANG Ruo-bing.Research on Monitoring System of Docker Container Based on Anomaly Detection[J].,2022,32(06):131-137.[doi:10. 3969 / j. issn. 1673-629X. 2022. 06. 022]
点击复制

基于异常检测 Docker 容器的监控系统研究()
分享到:

《计算机技术与发展》[ISSN:1006-6977/CN:61-1281/TN]

卷:
32
期数:
2022年06期
页码:
131-137
栏目:
网络与安全
出版日期:
2022-06-10

文章信息/Info

Title:
Research on Monitoring System of Docker Container Based on Anomaly Detection
文章编号:
1673-629X(2022)06-0131-07
作者:
谢兆贤倪冰雪王若冰
曲阜师范大学 网络空间安全学院,山东 曲阜 273165
Author(s):
XIE Zhao-xianNI Bing-xue* WANG Ruo-bing
School of Cyber Science and Engineering,Qufu Normal University,Qufu 273165,China
关键词:
Docker 容器监控系统监控组件安全性异常检测
Keywords:
Docker containermonitoring systemmonitoring componentsecurityanomaly detection
分类号:
TP399
DOI:
10. 3969 / j. issn. 1673-629X. 2022. 06. 022
摘要:
Docker 容器监控系统在系统运维层面保障容器的安全。 为解决当前容器监控系统存在部署过程复杂、异常检测精确度低、资源消耗量大和监控潜在黑洞等问题,采用 Prometheus+、Sysdig 和 Weave scope 等组件,构建支持可视化交互的综合型监控系统框架。 该系统不仅可以快速准确定位异常来源、易于部署和资源消耗量低,还可以采用多种执行方式。依照监控组件资源使用量和组件执行模式,设计实验并对该系统进行研究。 实验结果显示,Prometheus+磁盘故障检出率高并且可以长期存储数据,Sysdig 在异常检测的误检率低并且耗费资源少,Weave Scope 的异常检出率低,但是它可以同时监控多个容器。 实验结果验证了该系统的有效性,其不仅可以全面地实时监控 Docker 容器内的各个节点,还可以解决多容器联合监控的问题。 同时,系统从根本上降低了 Docker 容器整体的安全风险。
Abstract:
Docker container monitoring system ensures the security of containers at the level of system operation and maintenance. Inorder to solve the problems of the current container monitoring system,such as complex deployment process,low accuracy of anomaly detection,large resource consumption, and monitoring potential black holes, a comprehensive monitoring system framework supportingvisual interaction is constructed by using Prometheus+,Sysdig and Weave scope. This system can not only locate the source of anomalyquickly and accurately,but also can be deployed easily with low resource consumption. According to the monitoring component resourceusage and component execution mode, the experiment is designed and the system is studied. The experimental results show thatPrometheus+ disk exists a high fault detection rate and stores data for a long time. Sysdig has the features both low false detection rateand low resource consumption in anomaly detection. The abnormal detection rate of Weave Scope is even low,but it can monitor multiplecontainers concurrently. Experimental results verify the effectiveness of the system. Then,it is not only comprehensively monitor eachnode in Docker container in real time,but also solve the problem of joint monitoring of multiple containers. At the same time,this systemfundamentally reduces the overall security risk of Docker container.

相似文献/References:

[1]王峥 娄渊胜.远程线程注入技术在监控系统中的应用[J].计算机技术与发展,2010,(03):207.
 WANG Zheng,LOU Yuan-sheng.Application of Remote - Thread Injection Technique on Monitor System[J].,2010,(06):207.
[2]严华 蔡瑞英.即时通信监控系统的设计与实现[J].计算机技术与发展,2009,(07):242.
 YAN Hua,CAI Rui-ying.Design and Implementation of Monitoring System of Instant Messaging[J].,2009,(06):242.
[3]刘金祥 王京仁.μCLinux在实时监控系统中的应用研究[J].计算机技术与发展,2009,(03):220.
 LIU Jin-xiang,WANG Jing-ren.Research on μCLinux Applied in Real Time Monitoring System[J].,2009,(06):220.
[4]史海峰 徐涛.基于安全审计的监控系统模型的设计[J].计算机技术与发展,2006,(04):221.
 SHI Hai-feng,XU Tao.Design on Monitor System Model Based on Security Audit[J].,2006,(06):221.
[5]刘晓明 仲元红 欧静兰.基于DSP的火灾图像识别系统设计及应用[J].计算机技术与发展,2006,(06):95.
 LIU Xiao-ming,ZHONG Yuan-hong,OU Jing-lan.Design and Application of Fire Images Recognition System Based on DSP[J].,2006,(06):95.
[6]马风格 梁夏.基于B/S模式的电力通信网监控系统的开发[J].计算机技术与发展,2006,(10):177.
 MA Feng-ge,LIANG Xia.Implementation of Monitoring System of Power Network Based on B/S Mode[J].,2006,(06):177.
[7]卞艺杰,马玲玲.云环境下移动视频监控系统安全性研究[J].计算机技术与发展,2013,(09):119.
 BIAN Yi-jie,MA Ling-ling.Research on Security of Mobile Video Surveillance System under Cloud Environment[J].,2013,(06):119.
[8]张辉宜,孙倩文,袁志祥,等. 基于无线传感器网络的温湿度监控系统设计[J].计算机技术与发展,2014,24(11):246.
 ZHANG Hui-yi,SUN Qian-wen,YUAN Zhi-xiang,et al. Design of Monitoring System of Humiture Based on Wireless Sensor Network[J].,2014,24(06):246.
[9]王立俊,李晋峰,程洪涛,等.气象资料实时传输监控系统应用研究[J].计算机技术与发展,2018,28(03):183.[doi:10.3969/ j. issn.1673-629X.2018.03.039]
 WANG Li-jun,LI Jin-feng,CHENG Hong-tao,et al.Research on Application of Monitoring System of Real-time Meteorological Data Transmission[J].,2018,28(06):183.[doi:10.3969/ j. issn.1673-629X.2018.03.039]
[10]耿晓利,张 芒,尹永宏.高并发高可用的分布式电商平台架构研究[J].计算机技术与发展,2021,31(02):111.[doi:10. 3969 / j. issn. 1673-629X. 2021. 02. 021]
 GENG Xiao-li,ZHANG Mang,YIN Yong-hong.Research on Distributed E-commerce Platform Architecture with High Concurrency and High Availability[J].,2021,31(06):111.[doi:10. 3969 / j. issn. 1673-629X. 2021. 02. 021]

更新日期/Last Update: 2022-06-10