Gunwoo Yoon - Publications & Projects

Publications

Container-Aware Syscall Collection in Cloud-Native Environments

Syscall Architecture

This work presents a novel architecture for syscall collection in Kubernetes using eBPF tracepoints and tail calls. Each pod is instrumented with a dedicated ring buffer, ensuring low-overhead collection with high isolation. Our evaluation shows a significant reduction in collection latency compared to centralized collectors such as Falco and Sysdig.

Under review at USENIX ATC 2025 (to be submitted to arXiv)

Knowledge-Distilled Anomaly Detection for Microservices

We propose a contrastive-learning-based framework that distills features from a teacher CNN into a lightweight student model, enabling deployment in constrained microservice environments. The system achieves competitive detection accuracy on CIC-IDS2017 and Kubernetes datasets.

Under review at CCSW 2025 (to be submitted to arXiv)

Cybersecurity Risk Assessment Visualization Framework

We developed a visualization system for cybersecurity risk assessment based on the Risk Management Framework (RMF), integrating real-time asset monitoring and threat visualization. The system was demonstrated in collaboration with government agencies.

Presented at ACM SAC 2025

Projects

CASB (Cloud Access Security Broker)

Designed a web-based CASB system that inspects and controls SaaS traffic based on user roles and policies. Integrated with cloud identity providers and enforced DLP policies for popular SaaS applications such as Google Workspace and Microsoft 365.

GBLight

Developed a lightweight behavioral profiling system that uses network and syscall data to generate temporal fingerprints of containerized services. Applied contrastive learning to detect drift from baseline.

SAVE (Secure AI Visualization Environment)

Built a containerized dashboard that visualizes AI service activity and security posture in real time. Integrated model status, active system calls, and communication flows.

Cloud RMF Toolkit

Implemented a Risk Management Framework (RMF) toolkit for classifying, evaluating, and managing cloud assets. The toolkit supports tagging, visual dashboards, and NIST-based risk scoring.