Securing Containers: Honeypots for Analysing Container Attacks

Docker Containers are increasingly being used to develop, deploy and distribute software. However, they are also vulnerable to various attacks resulting in breaches and access to the host machines. To understand the various attacks on the containers and study them in a sandbox environment, we develop a honeypot. The honeypot systematically collects data logs of all the activities both inside and outside the container. We build on open source log gathering tool Osquery and Docker APIs to obtain ‘evented’ activity logs. Our honeypot provides granular information about the container activities which can be analyzed to build detection rules and secure the containers.