Since the introduction of Docker several years ago, containers have steadily become the standard way of deploying software in production. With many companies adopting this approach, malware built to take advantage of it is starting to appear more often. Some examples are botnets taking over containers and cryptominers being installed through backdoors (see Doki). Because containers are often run in a big cluster containing tens, hundreds, or even thousands of containers, spotting weird behavior that may indicate something malicious is (ab)using your platform is not always easy. We want to see if it is possible to automate spotting malicious behavior in container clusters.
During your internship, you will be:
Working with tools like Docker and Kubernetes.
Researching how malware targets clusters, and trying to build a solution that is able to detect infected parts of a cluster.
Building a dashboard where we can quickly see the current health of a cluster and be notified immediately if something malicious is detected.
Researching other existing tools that you can integrate into your application to suit our wishes; maybe you can use artificial intelligence to detect abnormal patterns. There are lots of possibilities, and it is up to you to figure out the best solution.
UP FOR A CHALLENGE?