Detecting Cyber Security Attacks against a Microservices Application using Distributed Tracing

Microservices are emerging as the dominant software design architecture for many different applications, and cyber attacks are targeting more software organisations every day. Newer techniques for detecting cyber intrusions against such applications are in high demand. Application functionality that is executed within a microservices application can be monitored and logged using distributed tracing. Distributed tracing is normally used for performance management of microservices applications. In this paper, we use distributed tracing to detect cyber-security attacks. Each microservice call, or sequence of calls, executed in response to a request by an end user of the application is logged as a trace. Anomaly detection is a means of detecting irregular or unusual events or patterns in a data set, that is, events or patterns that occur to a greater or lesser degree than in the majority of the data. In this paper, we present initial work that identifies anomalous distributions of traces. A frequency distribution of traces is obtained from normal data, and traffic is identified as an anomaly candidate if its distribution differs sufficiently from this base distribution. This approach is evaluated using a password guessing attack. In addition, we briefly discuss a NoSQL injection attack, which we argue is difficult to detect using trace data.
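The following sketch illustrates the baseline-versus-window comparison described in the abstract; it is an added example, not code from the paper. The abstract does not name a distance measure or threshold, so the Jensen-Shannon divergence, the 0.05 threshold, the service names and the trace counts are all assumptions constructed for illustration.

```python
import math
from collections import Counter

def distribution(traces, vocabulary):
    """Relative frequency of each trace type, add-one smoothed so no bin is zero."""
    counts = Counter(traces)
    total = len(traces) + len(vocabulary)
    return {t: (counts[t] + 1) / total for t in vocabulary}

def js_divergence(p, q):
    """Jensen-Shannon divergence in bits (0 = identical, 1 = disjoint)."""
    m = {t: 0.5 * (p[t] + q[t]) for t in p}
    kl = lambda a: sum(a[t] * math.log2(a[t] / m[t]) for t in a)
    return 0.5 * kl(p) + 0.5 * kl(q)

def score_windows(baseline, windows, threshold=0.05):
    """Compare each traffic window with the baseline trace distribution."""
    vocab = set(baseline).union(*windows)  # unseen trace types get their own bin
    base = distribution(baseline, vocab)
    results = []
    for window in windows:
        obs = distribution(window, vocab)
        score = js_divergence(base, obs)
        # Trace type whose share grew most: where an analyst looks first.
        top = max(vocab, key=lambda t: obs[t] - base[t])
        results.append({"score": score, "anomaly": score > threshold, "top_shift": top})
    return results

# Constructed sample data: a trace is the ordered chain of services one request touched.
LOGIN_OK = "gateway>auth>user-db>session"
LOGIN_FAIL = "gateway>auth>user-db"      # assumed: a failed login never reaches the session service
BROWSE = "gateway>catalog>catalog-db"
ORDER = "gateway>orders>orders-db>payment"

def mix(browse, order, ok, fail):
    return [BROWSE] * browse + [ORDER] * order + [LOGIN_OK] * ok + [LOGIN_FAIL] * fail

BASELINE = mix(600, 250, 120, 30)        # normal traffic used to build the base distribution
NORMAL_WINDOW = mix(58, 27, 11, 4)       # ordinary fluctuation around the baseline
GUESSING_WINDOW = mix(40, 15, 5, 140)    # burst of failed logins, as in password guessing

if __name__ == "__main__":
    for r in score_windows(BASELINE, [NORMAL_WINDOW, GUESSING_WINDOW]):
        print(f"{r['score']:.3f} anomaly={r['anomaly']} top_shift={r['top_shift']}")
```

A request that follows the same service chain as legitimate traffic leaves the distribution unchanged, which is consistent with the abstract's argument that NoSQL injection is difficult to detect from trace data.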
