Article Published In Vol.9 (July-Aug 2021)

Cloud Workload Protection with eBPF: Harnessing Extended Berkeley Packet Filter for Threat Detection

Author : Venkat Garikipati and Aravindhan Kurunthachalam

Cloud workload protection is now the most advanced tool to secure cloud-hosted applications, data, and infrastructure against ever-changing cyber threats. However, the traditional security methods like firewalls and signature-based detection systems do not scale well with dynamic cloud environments and fail to detect and thwart sophisticated attacks. This paper focuses on an eBPF-based threat detection framework which allows real-time monitoring of various system calls, network activities, and behavioral patterns of processes at the kernel level with a minimum overload on performance. The work proposes a Hybrid BiLSTM + Autoencoder-based anomaly detection model to bolster security analytics using bidirectional learning-based and reconstruction-based anomaly scoring. Further pruning-based fine-tuning was done to ensure the efficiency of the model, with a reduction in operational overhead in cost against the accuracy of detection. Post-incident analysis using eBPF aids forensic investigations by mapping suspicious activity to structured security logs. Experimental evaluations further prove that false positives are minimized, threat detection accuracy is improved, and latency in cloud environments is reduced. This study presents a scalable, high-performance security framework that is built on eBPF and cutting-edge machine learning techniques-this framework ensures protection in real-time while also providing adaptive defense mechanisms for modern cyber threats.

Keywords: Extended Berkeley Packet Filter, Cloud Workload Protection, Threat Detection, Anomaly Detection, Bidirectional Long Short-Term Memory-Autoencoder, Machine Learning Security.