Risk Classification of Docker Container Images Using Machine Learning and Vulnerability Metrics
Received: 8 June 2025 | Revised: 7 October 2025 and 11 October 2025 | Accepted: 13 October 2025 | Online: 6 December 2025
Corresponding author: Santosh Ugale
Abstract
With the rapid adoption of containerized applications, ensuring the security of container images has become a critical concern. Traditional image scanning tools provide a list of vulnerabilities but lack automated risk classification mechanisms that aid in proactive mitigation. This research presents a Machine Learning (ML)-based approach to classify container images into High-Risk and Low-Risk categories using metadata and vulnerability scan results. The dataset was generated by scanning widely used Docker images with Trivy, capturing attributes such as image size, number of packages, file count, executables, and CVE severity levels. Two XGBoost-based classification models were developed. The first model used raw features and achieved an accuracy of 90.91%. The second model, trained on the same data, achieved 100% accuracy using engineered features, specifically Vuln_Score (Critical + High vulnerabilities) and Pkg_per_MB (package density). The results show that adding domain-specific features improves risk detection accuracy and provides a scalable way to automate security assessments in CI/CD pipelines. This study proposes an effective method for classifying container images and detecting security flaws for different containerized platforms.
Keywords:
cloud security, containerization, DevSecOps, vulnerability assessment, Docker
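The two engineered features named in the abstract can be derived from a Trivy JSON report as in the following added example, which is not the authors' code. It assumes the report was produced with package listing enabled (`trivy image --format json --list-all-pkgs`), that image size in MB is supplied by the caller, and that Pkg_per_MB means package count divided by image size in MB; the sample report and its identifiers are constructed.

```python
import json
from collections import Counter

# Constructed Trivy-style report, trimmed to the fields read below (not real scan output).
SAMPLE_REPORT = json.loads("""
{"ArtifactName": "example/app:1.0",
 "Results": [
  {"Target": "example/app:1.0 (debian 12)", "Class": "os-pkgs",
   "Packages": [{"Name": "libexample1"}, {"Name": "examplessl"}, {"Name": "exutils"}],
   "Vulnerabilities": [
     {"VulnerabilityID": "EXAMPLE-0001", "PkgName": "examplessl", "Severity": "CRITICAL"},
     {"VulnerabilityID": "EXAMPLE-0002", "PkgName": "examplessl", "Severity": "HIGH"},
     {"VulnerabilityID": "EXAMPLE-0003", "PkgName": "exutils", "Severity": "LOW"}]},
  {"Target": "app/requirements.txt", "Class": "lang-pkgs",
   "Packages": [{"Name": "examplelib"}],
   "Vulnerabilities": [
     {"VulnerabilityID": "EXAMPLE-0004", "PkgName": "examplelib", "Severity": "HIGH"}]},
  {"Target": "usr/local/bin/tool", "Class": "lang-pkgs", "Vulnerabilities": null}
 ]}
""")

def severity_counts(report):
    """Count findings per severity across every scan target in the report."""
    counts = Counter()
    for result in report.get("Results") or []:
        # Trivy omits or nulls the list when a target has no findings.
        for vuln in result.get("Vulnerabilities") or []:
            counts[str(vuln.get("Severity", "UNKNOWN")).upper()] += 1
    return counts

def engineered_features(report, image_size_mb):
    """Build one feature row; image_size_mb is supplied by the caller (assumption)."""
    if image_size_mb <= 0:
        raise ValueError("image_size_mb must be positive")
    sev = severity_counts(report)
    packages = sum(len(r.get("Packages") or []) for r in report.get("Results") or [])
    return {
        "Critical": sev["CRITICAL"], "High": sev["HIGH"],
        "Medium": sev["MEDIUM"], "Low": sev["LOW"],
        "Packages": packages,
        "Vuln_Score": sev["CRITICAL"] + sev["HIGH"],       # as defined in the abstract
        "Pkg_per_MB": round(packages / image_size_mb, 4),  # assumed: packages / size in MB
    }

if __name__ == "__main__":
    print(engineered_features(SAMPLE_REPORT, image_size_mb=80.0))
```

Findings are counted per reported entry, so a vulnerability listed against two packages counts twice; whether the paper deduplicates is not stated on this page.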
License
Copyright (c) 2025 Santosh Ugale, Amol Potgantwar

This work is licensed under a Creative Commons Attribution 4.0 International License.
Authors who publish with this journal agree to the following terms:
- Authors retain the copyright and grant the journal the right of first publication with the work simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.
- Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.
- Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) after its publication in ETASR with an acknowledgement of its initial publication in this journal.
