EDGE SECURITY AUTOMATION: EBPF-BASED ANOMALY DETECTION IN K3S CLUSTERS AND ISTIO AMBIENT MESH
Abstract
Securing edge computing environments is increasingly complex due to distributed workloads and dynamic traffic patterns. Traditional security solutions struggle to detect anomalies efficiently in lightweight Kubernetes (K3s) clusters. Meanwhile, service meshes introduce additional security challenges, especially in identity management and workload communication. Innovative security automation techniques are essential to address these concerns. This paper explores eBPF-based anomaly detection for K3s clusters and Istio Ambient Mesh security. We examine how eBPF probes enable real-time, low-overhead network monitoring at the kernel level. Additionally, we discuss the application of Principal Component Analysis (PCA) to identify traffic anomalies. Furthermore, we analyze SPIRE-based identity issuance to secure service-to-service communication in Istio Ambient Mode.