LUCID: A Framework for Reducing False Positives and Inconsistencies Among Container Scanning Tools
Containerization has emerged as a revolutionary technology in the software development and deployment industry. Containers offer a portable and lightweight solution that allows for packaging applications and their dependencies systematically and efficiently. In addition, containers offer faster deployment and near-native performance with isolation and security drawbacks compared to Virtual Machines. To address the security issues, scanning tools that scan containers for preexisting vulnerabilities have been developed, but they suffer from false positives. Moreover, using different scanning tools to scan the same container provides different results, which leads to inconsistencies and confusion. Limited work has been done to address these issues. This paper provides a fully functional and extensible framework named LUCID that can reduce false positives and inconsistencies provided by multiple scanning tools. We use a database-centric approach and perform query-based analysis, to pinpoint the causes for inconsistencies. Our results show that our framework can reduce inconsistencies by 70%. The framework has been tested on both Intel64/AMD64 and ARM architecture. We also create a Dynamic Classification component that can successfully classify and predict the different severity levels with an accuracy of 84%. We believe this paper will raise awareness regarding security in container technologies and enable container scanning companies to improve their tool to provide better and more consistent results.

Saved in:

| Main Authors: | Md Sadun Haq, Ali Saman Tosun, Turgay Korkmaz |
|---|---|
| Format: | Article |
| Language: | English |
| Published: | IEEE, 2025-01-01 |
| Series: | IEEE Access |
| Subjects: | Anomaly Detection; machine learning; databases; multi-label classification; DockerHub; scanning tools |
| Online Access: | https://ieeexplore.ieee.org/document/11077135/ |

| author | Md Sadun Haq (https://orcid.org/0000-0002-9305-3093), Department of Computer Science, The University of Texas at San Antonio, San Antonio, TX, USA; Ali Saman Tosun, Department of Computer Science and Mathematics, The University of North Carolina at Pembroke, Pembroke, NC, USA; Turgay Korkmaz (https://orcid.org/0000-0002-5529-673X), Department of Computer Science, The University of Texas at San Antonio, San Antonio, TX, USA |
|---|---|
| collection | DOAJ |
| id | doaj-art-0c8237ec2e3b404ab9be2410fe038ab8 |
| institution | Kabale University |
| issn | 2169-3536 |
| doi | 10.1109/ACCESS.2025.3587626 |
| volume / pages | 13, 127307-127321 |
| ieee article number | 11077135 |
| publisher | IEEE |
| series | IEEE Access |
| publishDate | 2025-01-01 |
| record updated | 2025-08-20T03:32:55Z |