Anomalous distributed traffic: Detecting cyber security attacks amongst microservices using graph convolutional networks

Research output: Contribution to journal › Article › peer-review

9 Citations (Scopus)

Abstract

Currently, microservices are trending as the most popular software application design architecture. Software organisations are also being targeted by more cyber-attacks every day and newer security measures are in high demand. One available measure is the application of anomaly detection, which is defined as the discovery of irregular or unusual activity that occurs to a greater or lesser degree than normal occurrences in a data series. In this paper, we continue existing work where various real-world cyber-attacks are executed against a running microservices application, and the application traffic is logged and returned in the form of distributed traces. A Diffusion Convolutional Recurrent Neural Network is used to model the set of distributed traces and learn the spatial and temporal dependencies of the application traffic. Subsequently, the model is used to make predictions for ongoing microservice activity and threshold-based anomaly detection is applied to detect irregular microservice activity indicating the presence of seeded cyber security attacks, or anomalies. The cyber-attacks used to evaluate this approach include a brute force attack, a batch registration of bot accounts and a distributed denial of service attack.

Original language: English
Article number: 102728
Journal: Computers and Security
Volume: 118
Publication status: Published - Jul 2022

Keywords

  • Anomaly detection
  • Cyber security
  • Distributed tracing
  • Graph convolutional network
  • Microservices
  • Traffic forecasting
