"ARGOS - Behavioral anomaly detection within a Kubernetes cluster" was developed by a group of final-year students as their end-of-studies project (PFE) at École Centrale d'Électronique (ECE) in Paris.
This open source project was sponsored by Amazon Web Services (AWS).
In cybersecurity, behavioral analysis is a threat detection technique that relies on building a baseline of the usual behavior of users and entities. With that baseline, subtle deviations in how the system is used can be detected and treated as possible warning signs of malicious activity.
AWS Machine Learning services provide several easy-to-use building blocks for anomaly detection. Random Cut Forest (RCF), for example, is available as a built-in Amazon SageMaker algorithm: it assigns an anomaly score to each point in a feature space of arbitrary dimension, so points whose score exceeds a chosen threshold can be flagged as outliers.
ARGOS is an open-source tool that uses these AWS Machine Learning building blocks to detect unusual behavior within a Kubernetes cluster. Such anomalies may indicate that the cluster has been compromised, so each detected anomaly is reported as a finding to AWS Security Hub, where it can be triaged alongside other security findings.
ARGOS can be used with any Kubernetes cluster. During development we used an Amazon EKS cluster. An Amazon API Gateway endpoint acts as the bridge between the cluster and the solution: the cluster's logs are pushed to that endpoint, whatever their origin.
For an EKS cluster, the control plane logs (including the Kubernetes audit log) can be sent natively to Amazon CloudWatch Logs, provided control plane logging is enabled for the cluster. We therefore implemented a Lambda function, triggered by a CloudWatch Logs subscription filter, that decodes the compressed log payload and forwards the log events to the API Gateway endpoint.
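The forwarding step described above, as an added illustration (this is not the ARGOS project's own Lambda code). It assumes the function is attached to an EKS log group through a CloudWatch Logs subscription filter, so the event carries a base64-encoded, gzip-compressed JSON document with a `logEvents` array, and that the API Gateway URL and an optional API key are supplied in the hypothetical `ARGOS_ENDPOINT` and `ARGOS_API_KEY` environment variables. The sample audit line and the wrapping subscription payload at the bottom are constructed for the example.

```python
import base64
import gzip
import json
import os
import urllib.request


def decode_subscription_event(event):
    """Decode the base64 + gzip payload that a CloudWatch Logs subscription
    filter delivers in event['awslogs']['data']."""
    raw = base64.b64decode(event["awslogs"]["data"])
    return json.loads(gzip.decompress(raw).decode("utf-8"))


def extract_audit_events(payload):
    """Flatten Kubernetes audit log lines into the fields a behavioral
    baseline needs (who, which verb, which resource, from where, outcome).
    CONTROL_MESSAGE payloads and non-JSON lines are skipped."""
    if payload.get("messageType") != "DATA_MESSAGE":
        return []  # CloudWatch sends a CONTROL_MESSAGE when the filter is created
    records = []
    for entry in payload.get("logEvents", []):
        try:
            ev = json.loads(entry["message"])
        except (ValueError, KeyError, TypeError):
            continue
        if not isinstance(ev, dict) or ev.get("kind") != "Event":
            continue
        obj = ev.get("objectRef") or {}
        records.append({
            "timestamp": entry.get("timestamp"),
            "logGroup": payload.get("logGroup"),
            "user": (ev.get("user") or {}).get("username"),
            "verb": ev.get("verb"),
            "resource": obj.get("resource"),
            "namespace": obj.get("namespace"),
            "sourceIPs": ev.get("sourceIPs", []),
            "responseCode": (ev.get("responseStatus") or {}).get("code"),
        })
    return records


def forward(records, endpoint, api_key=None):
    """POST the flattened records as JSON to the (hypothetical) ARGOS
    ingestion route on API Gateway; returns the HTTP status code."""
    body = json.dumps({"events": records}).encode("utf-8")
    headers = {"Content-Type": "application/json"}
    if api_key:
        headers["x-api-key"] = api_key  # API Gateway usage-plan key, if configured
    req = urllib.request.Request(endpoint, data=body, headers=headers, method="POST")
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.status


def lambda_handler(event, context):
    payload = decode_subscription_event(event)
    records = extract_audit_events(payload)
    if records:
        forward(records, os.environ["ARGOS_ENDPOINT"], os.environ.get("ARGOS_API_KEY"))
    return {"forwarded": len(records)}


# Constructed sample: one audit line (a service account listing secrets) plus
# one non-JSON line, wrapped the way a subscription filter delivers them.
SAMPLE_AUDIT_LINE = json.dumps({
    "kind": "Event", "apiVersion": "audit.k8s.io/v1", "level": "Metadata",
    "stage": "ResponseComplete", "verb": "list",
    "requestURI": "/api/v1/namespaces/default/secrets",
    "user": {"username": "system:serviceaccount:default:web",
             "groups": ["system:serviceaccounts"]},
    "sourceIPs": ["10.0.1.5"],
    "objectRef": {"resource": "secrets", "namespace": "default", "apiVersion": "v1"},
    "responseStatus": {"metadata": {}, "code": 200},
})


def make_sample_event(message_type="DATA_MESSAGE"):
    payload = {
        "messageType": message_type,
        "owner": "123456789012",
        "logGroup": "/aws/eks/demo-cluster/cluster",
        "logStream": "kube-apiserver-audit-0",
        "subscriptionFilters": ["argos-forwarder"],
        "logEvents": [
            {"id": "1", "timestamp": 1700000000000, "message": SAMPLE_AUDIT_LINE},
            {"id": "2", "timestamp": 1700000000001, "message": "not json"},
        ],
    }
    data = base64.b64encode(gzip.compress(json.dumps(payload).encode("utf-8")))
    return {"awslogs": {"data": data.decode("ascii")}}


if __name__ == "__main__":
    print(extract_audit_events(decode_subscription_event(make_sample_event())))
```

Flattening to a fixed set of fields in the forwarder keeps the downstream feature extraction stable even when the audit policy changes the level of detail recorded; the `messageType` check matters because the control message sent at subscription time would otherwise be forwarded as if it were cluster activity.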
The latest stable version of ARGOS is always the stable branch of the GitHub repository. You can get the latest version of the code with the following command:
git clone https://github.com/GodZer/PFE-ARGOS.git
Prerequisites: building the solution requires the following tools to be installed on your system.
To deploy the application, please refer to the following link.
- Fanny MARCUCCINI
- Sébastien JULIEN
- Julien TERRIER
- Rayan OULD-KACI
- Thibault GIRARD
- Claire THEOKRITOFF
- Nicolas HAUSER