US 12,147,846 B2
Clustered container protection
Yun-Chang Lo, Taipei (TW); Chun-Shuo Lin, Tainan (TW); Chih-Wei Hsiao, Taipei (TW); Wei-Hsiang Hsiung, Taipei (TW); and Wei-Jie Liau, Taoyuan (TW)
Assigned to International Business Machines Corporation, Armonk, NY (US)
Filed by International Business Machines Corporation, Armonk, NY (US)
Filed on Dec. 13, 2021, as Appl. No. 17/643,864.
Prior Publication US 2023/0185628 A1, Jun. 15, 2023
Int. Cl. G06F 9/50 (2006.01); G06F 9/38 (2018.01); G06F 9/455 (2018.01)
CPC G06F 9/5077 (2013.01) [G06F 9/3891 (2013.01); G06F 9/45558 (2013.01); G06F 2009/45595 (2013.01)] 20 Claims
OG exemplary drawing
 
1. A computer-implemented method comprising:
determining, by one or more computer processors, a runtime feature set for a first container, wherein the runtime feature set includes aggregated temporally collocated container behavior;
determining, by one or more computer processors, a purpose associated with the first container based on the determined runtime feature set;
clustering, by one or more computer processors, the first container with one or more peer containers identified through a shared purpose and compared filesystems;
attaching, by one or more computer processors, to the one or more clustered peer containers;
determining, by one or more computer processors, an additional runtime feature set for each attached peer container;
calculating, by one or more computer processors, a variance between the first container and each attached peer container;
responsive to the calculated variance exceeding a variance threshold, identifying, by one or more computer processors, the first container as anomalous; and
responsive to the first container identified as anomalous, removing, by one or more computer processors, the first container.