| CPC G06F 9/45533 (2013.01) [G06F 8/60 (2013.01); G06F 9/455 (2013.01); G06F 9/45558 (2013.01); G06F 11/30 (2013.01); G06F 11/3003 (2013.01); G06F 11/3065 (2013.01); G06F 11/3072 (2013.01); G08B 21/182 (2013.01); H04L 43/16 (2013.01); G06F 2009/45587 (2013.01); H04L 67/10 (2013.01)] | 16 Claims |

|
1. A system associated with a cloud computing environment, comprising:
a Kubernetes container orchestration system cluster of the cloud computing environment executing a target application workload to be intercepted; and
a software defined anomaly detection engine, that is separate from the target application workload and that is also executing in the Kubernetes container orchestration system cluster, to intercept the target application workload, including:
a computer processor, and
a computer memory coupled to the computer processor and storing instructions that, when executed by the computer processor, cause the software defined anomaly detection engine to:
(i) intercept network traffic that is external to the Kubernetes container orchestration system cluster and associated with the target application workload,
(ii) automatically execute an anomaly detection algorithm, associated with a spectral residual method, in substantially real time on the intercepted network traffic to generate an intercept result, and
(iii) transmit an anomaly detection alert signal based on a comparison of the intercept result, patterns of detected calls, and an anomaly threshold value,
wherein a control plane of the cloud computing environment receives a request to register for anomaly detection and, responsive to the received request, deploys the software defined anomaly detection engine to a data plane for the Kubernetes container orchestration system cluster.
|
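Claim 1 names a spectral residual method and a comparison against an anomaly threshold value, but not the computation itself. The sketch below is an added illustration, not text or code from the patent: it assumes the commonly published spectral residual saliency formulation, run over a constructed per-second request-count series, and the function names, the window sizes `q` and `z`, and the threshold of 3.0 are all assumptions.

```python
import cmath
import math

def dft(x, inverse=False):
    """Naive O(n^2) discrete Fourier transform (stdlib only)."""
    n, sign = len(x), (1 if inverse else -1)
    out = [sum(x[t] * cmath.exp(sign * 2j * cmath.pi * k * t / n) for t in range(n))
           for k in range(n)]
    return [c / n for c in out] if inverse else out

def trailing_mean(v, w):
    """Mean of each value and up to w-1 values before it."""
    return [sum(v[max(0, i - w + 1):i + 1]) / (i + 1 - max(0, i - w + 1))
            for i in range(len(v))]

def saliency_map(series, q=3):
    """Spectral residual: log-amplitude minus its moving average, phase kept."""
    spec = dft(series)
    amp = [max(abs(c), 1e-8) for c in spec]  # clamp to avoid log(0)
    log_amp = [math.log(a) for a in amp]
    residual = [l - m for l, m in zip(log_amp, trailing_mean(log_amp, q))]
    # Rebuild the spectrum with amplitude exp(residual) and the original phase.
    rebuilt = [c / a * math.exp(r) for c, a, r in zip(spec, amp, residual)]
    return [abs(c) for c in dft(rebuilt, inverse=True)]

def detect(series, threshold=3.0, q=3, z=21):
    """Return (indices whose relative saliency exceeds threshold, scores)."""
    sal = saliency_map(series, q)
    local = trailing_mean(sal, z)
    scores = [(s - m) / m if m > 0 else 0.0 for s, m in zip(sal, local)]
    return [i for i, sc in enumerate(scores) if sc > threshold], scores

# Constructed sample: 128 one-second request counts for one workload,
# a steady periodic load with a single burst at t=40.
SAMPLE = [100 + 10 * math.sin(2 * math.pi * t / 16) for t in range(128)]
SAMPLE[40] += 80

if __name__ == "__main__":
    flagged, scores = detect(SAMPLE)
    for i in flagged:
        print(f"ALERT t={i} count={SAMPLE[i]:.0f} score={scores[i]:.2f}")
```

The periodic load alone does not mark the burst; the saliency map suppresses the regular component of the spectrum so that the point at t=40 stands out against its local average.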