Detecting Cyber Security Attacks against a Microservices Application using Distributed Tracing

Stephen Jacob, Yuansong Qiao, Brian Lee

2021

Abstract

Microservices are emerging as the dominant software design architecture for many different applications, and cyber attacks are targeting more software organisations every day. Newer techniques for detecting cyber intrusions against such applications are in high demand. Application functionality that is executed within a microservices application can be monitored and logged using distributed tracing. Distributed tracing is normally used for performance management of microservices applications. In this paper, we used distributed tracing for detecting cyber-security attacks. Each microservice call, or sequence of calls, executed in response to a request by an end user of the application is logged as a trace. Anomaly detection is a means of detecting irregular or unusual events or patterns in a data set that occur to a greater or a lesser degree than the majority of the data. In this paper, we present initial work that identifies anomalous distributions of traces. A frequency distribution of traces is obtained from normal data and traffic is identified as an anomaly candidate if it differs sufficiently from the base distribution. This approach is evaluated using a password guessing attack. In addition, we briefly discuss a NoSQL injection attack which we argue is difficult to detect using trace data.
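The comparison described in the abstract, as an added sketch that is not the authors' code: it builds a base frequency distribution of trace signatures from normal traffic and flags a window whose distribution differs from it. The signature names, the use of Jensen-Shannon divergence as the difference measure, the 0.05 threshold, and the premise that password guessing appears as a surplus of login traces are all assumptions made for illustration.

```python
import math
from collections import Counter

def distribution(signatures):
    """Relative frequency of each trace signature in a list of traces."""
    counts = Counter(signatures)
    total = sum(counts.values())
    return {sig: n / total for sig, n in counts.items()}

def js_divergence(p, q):
    """Jensen-Shannon divergence in bits (0 = identical, 1 = disjoint)."""
    def kl(a, m):
        return sum(a[k] * math.log2(a[k] / m[k]) for k in a if a[k] > 0)
    keys = set(p) | set(q)
    m = {k: 0.5 * (p.get(k, 0.0) + q.get(k, 0.0)) for k in keys}
    return 0.5 * kl(p, m) + 0.5 * kl(q, m)

def score_window(baseline, window, threshold=0.05):
    """Compare one window of traces against the base distribution."""
    observed = distribution(window)
    score = js_divergence(baseline, observed)
    # Signature whose share grew the most: where an analyst should look first.
    top = max(observed, key=lambda s: observed[s] - baseline.get(s, 0.0))
    return {"score": score, "anomaly": score > threshold, "top_signature": top}

# Constructed sample data: each trace is reduced to its call sequence.
LOGIN = "gw>auth>userdb"  # hypothetical signature of a login request
NORMAL = (["gw>catalog"] * 60 + ["gw>cart>catalog"] * 20
          + [LOGIN] * 10 + ["gw>orders>payment"] * 10)
BASELINE = distribution(NORMAL)

# A window with ordinary jitter, and the same window plus a burst of logins.
QUIET_WINDOW = (["gw>catalog"] * 57 + ["gw>cart>catalog"] * 22
                + [LOGIN] * 12 + ["gw>orders>payment"] * 9)
GUESSING_WINDOW = QUIET_WINDOW + [LOGIN] * 150

if __name__ == "__main__":
    for name, window in (("quiet", QUIET_WINDOW), ("guessing", GUESSING_WINDOW)):
        print(name, score_window(BASELINE, window))
```

Because the score depends only on the mix of trace signatures, a request that follows the same call path as legitimate traffic leaves the distribution unchanged, which is consistent with the abstract's remark that the NoSQL injection case is hard to detect from trace data.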



Paper Citation


in Harvard Style

Jacob S., Qiao Y. and Lee B. (2021). Detecting Cyber Security Attacks against a Microservices Application using Distributed Tracing. In Proceedings of the 7th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP, ISBN 978-989-758-491-6, pages 588-595. DOI: 10.5220/0010308905880595


in Bibtex Style

@conference{icissp21,
author={Stephen Jacob and Yuansong Qiao and Brian Lee},
title={Detecting Cyber Security Attacks against a Microservices Application using Distributed Tracing},
booktitle={Proceedings of the 7th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP},
year={2021},
pages={588-595},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0010308905880595},
isbn={978-989-758-491-6},
}


in EndNote Style

TY - CONF

JO - Proceedings of the 7th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP
TI - Detecting Cyber Security Attacks against a Microservices Application using Distributed Tracing
SN - 978-989-758-491-6
AU - Jacob S.
AU - Qiao Y.
AU - Lee B.
PY - 2021
SP - 588
EP - 595
DO - 10.5220/0010308905880595