	US 11,720,667 B2
	Stateful microservice-aware intrusion detection
Frederico Araujo, White Plains, NY (US); William Blair, Brighton, MA (US); and Teryl Paul Taylor, Danbury, CT (US)
Assigned to International Business Machines Corporation, Armonk, NY (US)
Filed by International Business Machines Corporation, Armonk, NY (US)
Filed on Mar. 29, 2021, as Appl. No. 17/216,215.
Prior Publication US 2022/0309152 A1, Sep. 29, 2022
Int. Cl. G06F 21/54 (2013.01); G06F 21/55 (2013.01); G06F 21/56 (2013.01)

CPC G06F 21/54 (2013.01) [G06F 21/554 (2013.01); G06F 21/566 (2013.01); G06F 2221/033 (2013.01)]

20 Claims

1. A computer-implemented method comprising:

receiving a security policy for a container that is part of a microservice architecture;

obtaining a first effect graph of the security policy, resulting in a security model for the container;

identifying execution behavior of the container;

generating a second effect graph of the execution behavior of the container, wherein the generating comprises summarizing operations and interactions between entities in the execution behavior and results in a behavioral model for the container;

comparing the behavioral model to the security model;

determining whether the container has deviated from the security policy based on the comparing; and

enforcing the security policy against the container.