Abstract
The adoption of containerized applications in cloud-native environments has significantly improved application scalability, portability, and resource efficiency. However, it has also introduced complex security challenges across all stages of the application lifecycle: the build-time, deployment-time, and runtime phases. Traditional security solutions typically cover isolated phases of the container lifecycle and rely on single-source monitoring, which limits their ability to detect sophisticated multi-stage attacks. This study developed a unified XGBoost-based framework for detecting full-lifecycle attacks in containerized cluster environments. The framework integrated heterogeneous security data from multiple sources, including Kubernetes audit logs, Docker events, and Falco runtime alerts, to provide comprehensive visibility across the application lifecycle. Collected logs were preprocessed and transformed into structured feature vectors using feature extraction and engineering techniques. The extracted features were used to train an XGBoost classifier for multi-class attack detection, categorizing events into build-time attacks, deployment-time attacks, runtime attacks, and normal behavior. Experimental evaluation indicated strong performance, achieving an average precision of 96.9%, recall of 97.0%, and F1-score of 96.9%, with runtime attacks recording the highest detection rate owing to the rich behavioral indicators available in runtime logs. Comparative analysis further showed that the developed XGBoost-based model outperformed baseline machine learning algorithms, namely Logistic Regression, Decision Tree, Random Forest, and LightGBM. The findings confirm that integrating multi-source logs significantly improves full-lifecycle attack detection in a containerized cluster environment.
This research contributes to the fields of cybersecurity and containerized applications by providing a scalable and effective machine learning-based framework for comprehensive intrusion detection and threat monitoring.
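The multi-source fusion step the abstract describes, as an added illustration that is not the paper's own code: three constructed events (a Kubernetes audit Event, a `docker events` record, and a Falco alert, in their standard JSON field layouts) are parsed onto one common schema and encoded as fixed-width numeric feature rows that a tree classifier such as XGBoost can train on. The common schema, the vocabularies, and the feature layout are assumptions chosen for this example, not the paper's feature set.

```python
import json

# Constructed sample events (not from the paper's dataset): a Kubernetes audit Event,
# a `docker events` JSON record, and a Falco alert, in their standard JSON shapes.
SAMPLE_EVENTS = [
    ("k8s_audit", json.dumps({"kind": "Event", "apiVersion": "audit.k8s.io/v1", "verb": "create",
        "user": {"username": "system:serviceaccount:default:ci"},
        "objectRef": {"resource": "pods", "namespace": "prod"}, "responseStatus": {"code": 201}})),
    ("docker", json.dumps({"Type": "container", "Action": "exec_start: /bin/sh",
        "Actor": {"ID": "abc123", "Attributes": {"image": "nginx:1.25", "name": "web"}}})),
    ("falco", json.dumps({"priority": "Critical", "rule": "Terminal shell in container",
        "output_fields": {"container.id": "abc123", "proc.name": "bash", "user.name": "root"}})),
]
# Fixed vocabularies so every record maps to one fixed-width vector (layout is our assumption).
SOURCES = ["k8s_audit", "docker", "falco"]
ACTIONS = ["get", "list", "create", "update", "patch", "delete", "exec_start", "start", "die"]
PRIORITIES = ["Emergency", "Alert", "Critical", "Error", "Warning", "Notice", "Informational", "Debug"]

def parse_event(source, raw):
    """Map one raw JSON line from any of the three sources onto a common schema."""
    ev = json.loads(raw)
    if source == "k8s_audit":
        return {"source": source, "action": ev.get("verb", ""),
                "principal": ev.get("user", {}).get("username", ""), "container_id": "",
                "priority": "Informational", "status_code": ev.get("responseStatus", {}).get("code", 0)}
    if source == "docker":  # exec actions arrive as "exec_start: /bin/sh"; keep the verb only
        return {"source": source, "action": ev.get("Action", "").split(":")[0], "principal": "",
                "container_id": ev.get("Actor", {}).get("ID", ""), "priority": "Informational",
                "status_code": 0}
    fields = ev.get("output_fields", {})  # Falco
    return {"source": source, "action": fields.get("proc.name", ""),
            "principal": fields.get("user.name", ""), "container_id": fields.get("container.id", ""),
            "priority": ev.get("priority", "Informational"), "status_code": 0}

def one_hot(value, vocab):
    """Values outside the vocabulary encode as all zeros instead of a bogus category."""
    return [1 if v == value else 0 for v in vocab]

def featurize(record):
    """Common-schema record -> numeric row a tree classifier such as XGBoost can train on."""
    return (one_hot(record["source"], SOURCES) + one_hot(record["action"], ACTIONS)
            + one_hot(record["priority"], PRIORITIES)
            + [int(record["principal"].startswith("system:serviceaccount:")),
               int(record["principal"] == "root"), int(bool(record["container_id"])),
               int(record["status_code"] >= 400)])

def build_matrix(events):
    """Feature rows for a batch of (source, raw_json) pairs from the three log sources."""
    return [featurize(parse_event(source, raw)) for source, raw in events]
```

The shared `container_id` field is what lets a downstream model correlate a Docker exec event with the Falco shell alert raised in the same container, which is the cross-source signal single-source monitoring cannot see.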