Detecting Cyber Security Attacks against a Microservices Application using Distributed Tracing

Stephen Jacob; Yuansong Qiao; Brian Lee

doi:10.5220/0010308905880595

Detecting Cyber Security Attacks against a Microservices Application using Distributed Tracing

Stephen Jacob, Yuansong Qiao, Brian Lee

Software Research Institute (SRI)

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

4 Citations (Scopus)

Abstract

Microservices are emerging as the dominant software design architecture for many different applications, and cyber attacks are targeting more software organisations every day. Newer techniques for detecting cyber intrusions against such applications are in high demand. Application functionality that is executed within a microservices application can be monitored and logged using distributed tracing. Distributed tracing is normally used for performance management of microservices applications. In this paper, we used distributed tracing for detecting cyber-security attacks. Each microservice call, or sequence of calls, executed in response to a request by an end user of the application is logged as a trace. Anomaly detection is a means of detecting irregular or unusual events or patterns in a data set that occur to a greater or a lesser degree than the majority of the data. In this paper, we present initial work that identifies anomalous distributions of traces. A frequency distribution of traces is obtained from normal data and traffic is identified as an anomaly candidate if it differs sufficiently from the base distribution. This approach is evaluated using a password guessing attack. In addition, we briefly discuss a NoSQL injection attack which we argue is difficult to detect using trace data.

Original language	English
Title of host publication	ICISSP 2021 - Proceedings of the 7th International Conference on Information Systems Security and Privacy
Editors	Paolo Mori, Gabriele Lenzini, Steven Furnell
Publisher	Science and Technology Publications, Lda
Pages	588-595
Number of pages	8
ISBN (Electronic)	9789897584916
ISBN (Print)	9789897584916
DOIs	https://doi.org/10.5220/0010308905880595
Publication status	Published - 2021
Event	7th International Conference on Information Systems Security and Privacy, ICISSP 2021 - Virtual, Online Duration: 11 Feb 2021 → 13 Feb 2021

Publication series

Name	International Conference on Information Systems Security and Privacy
ISSN (Electronic)	2184-4356

Conference

Conference	7th International Conference on Information Systems Security and Privacy, ICISSP 2021
City	Virtual, Online
Period	11/02/21 → 13/02/21

Keywords

Anomaly Detection
Cyber Security
Distributed Tracing
Microservices

Access to Document

10.5220/0010308905880595

Cite this

Jacob, S., Qiao, Y., & Lee, B. (2021). Detecting Cyber Security Attacks against a Microservices Application using Distributed Tracing. In P. Mori, G. Lenzini, & S. Furnell (Eds.), ICISSP 2021 - Proceedings of the 7th International Conference on Information Systems Security and Privacy (pp. 588-595). (International Conference on Information Systems Security and Privacy). Science and Technology Publications, Lda. https://doi.org/10.5220/0010308905880595

Jacob, Stephen ; Qiao, Yuansong ; Lee, Brian. / Detecting Cyber Security Attacks against a Microservices Application using Distributed Tracing. ICISSP 2021 - Proceedings of the 7th International Conference on Information Systems Security and Privacy. editor / Paolo Mori ; Gabriele Lenzini ; Steven Furnell. Science and Technology Publications, Lda, 2021. pp. 588-595 (International Conference on Information Systems Security and Privacy).

@inproceedings{f89e4c5c30bd47f9926bf79e033f804f,

title = "Detecting Cyber Security Attacks against a Microservices Application using Distributed Tracing",

abstract = "Microservices are emerging as the dominant software design architecture for many different applications, and cyber attacks are targeting more software organisations every day. Newer techniques for detecting cyber intrusions against such applications are in high demand. Application functionality that is executed within a microservices application can be monitored and logged using distributed tracing. Distributed tracing is normally used for performance management of microservices applications. In this paper, we used distributed tracing for detecting cyber-security attacks. Each microservice call, or sequence of calls, executed in response to a request by an end user of the application is logged as a trace. Anomaly detection is a means of detecting irregular or unusual events or patterns in a data set that occur to a greater or a lesser degree than the majority of the data. In this paper, we present initial work that identifies anomalous distributions of traces. A frequency distribution of traces is obtained from normal data and traffic is identified as an anomaly candidate if it differs sufficiently from the base distribution. This approach is evaluated using a password guessing attack. In addition, we briefly discuss a NoSQL injection attack which we argue is difficult to detect using trace data.",

keywords = "Anomaly Detection, Cyber Security, Distributed Tracing, Microservices",

author = "Stephen Jacob and Yuansong Qiao and Brian Lee",

note = "Publisher Copyright: {\textcopyright} 2021 by SCITEPRESS – Science and Technology Publications, Lda. All rights reserved.; 7th International Conference on Information Systems Security and Privacy, ICISSP 2021 ; Conference date: 11-02-2021 Through 13-02-2021",

year = "2021",

doi = "10.5220/0010308905880595",

language = "English",

isbn = "9789897584916",

series = "International Conference on Information Systems Security and Privacy",

publisher = "Science and Technology Publications, Lda",

pages = "588--595",

editor = "Paolo Mori and Gabriele Lenzini and Steven Furnell",

booktitle = "ICISSP 2021 - Proceedings of the 7th International Conference on Information Systems Security and Privacy",

address = "Portugal",

}

Jacob, S , Qiao, Y & Lee, B 2021, Detecting Cyber Security Attacks against a Microservices Application using Distributed Tracing. in P Mori, G Lenzini & S Furnell (eds), ICISSP 2021 - Proceedings of the 7th International Conference on Information Systems Security and Privacy. International Conference on Information Systems Security and Privacy, Science and Technology Publications, Lda, pp. 588-595, 7th International Conference on Information Systems Security and Privacy, ICISSP 2021, Virtual, Online, 11/02/21. https://doi.org/10.5220/0010308905880595

Detecting Cyber Security Attacks against a Microservices Application using Distributed Tracing. / Jacob, Stephen ; Qiao, Yuansong ; Lee, Brian.
ICISSP 2021 - Proceedings of the 7th International Conference on Information Systems Security and Privacy. ed. / Paolo Mori; Gabriele Lenzini; Steven Furnell. Science and Technology Publications, Lda, 2021. p. 588-595 (International Conference on Information Systems Security and Privacy).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Detecting Cyber Security Attacks against a Microservices Application using Distributed Tracing

AU - Jacob, Stephen

AU - Qiao, Yuansong

AU - Lee, Brian

PY - 2021

Y1 - 2021

N2 - Microservices are emerging as the dominant software design architecture for many different applications, and cyber attacks are targeting more software organisations every day. Newer techniques for detecting cyber intrusions against such applications are in high demand. Application functionality that is executed within a microservices application can be monitored and logged using distributed tracing. Distributed tracing is normally used for performance management of microservices applications. In this paper, we used distributed tracing for detecting cyber-security attacks. Each microservice call, or sequence of calls, executed in response to a request by an end user of the application is logged as a trace. Anomaly detection is a means of detecting irregular or unusual events or patterns in a data set that occur to a greater or a lesser degree than the majority of the data. In this paper, we present initial work that identifies anomalous distributions of traces. A frequency distribution of traces is obtained from normal data and traffic is identified as an anomaly candidate if it differs sufficiently from the base distribution. This approach is evaluated using a password guessing attack. In addition, we briefly discuss a NoSQL injection attack which we argue is difficult to detect using trace data.

AB - Microservices are emerging as the dominant software design architecture for many different applications, and cyber attacks are targeting more software organisations every day. Newer techniques for detecting cyber intrusions against such applications are in high demand. Application functionality that is executed within a microservices application can be monitored and logged using distributed tracing. Distributed tracing is normally used for performance management of microservices applications. In this paper, we used distributed tracing for detecting cyber-security attacks. Each microservice call, or sequence of calls, executed in response to a request by an end user of the application is logged as a trace. Anomaly detection is a means of detecting irregular or unusual events or patterns in a data set that occur to a greater or a lesser degree than the majority of the data. In this paper, we present initial work that identifies anomalous distributions of traces. A frequency distribution of traces is obtained from normal data and traffic is identified as an anomaly candidate if it differs sufficiently from the base distribution. This approach is evaluated using a password guessing attack. In addition, we briefly discuss a NoSQL injection attack which we argue is difficult to detect using trace data.

KW - Anomaly Detection

KW - Cyber Security

KW - Distributed Tracing

KW - Microservices

UR - http://www.scopus.com/inward/record.url?scp=85176334977&partnerID=8YFLogxK

U2 - 10.5220/0010308905880595

DO - 10.5220/0010308905880595

M3 - Conference contribution

AN - SCOPUS:85176334977

SN - 9789897584916

T3 - International Conference on Information Systems Security and Privacy

SP - 588

EP - 595

BT - ICISSP 2021 - Proceedings of the 7th International Conference on Information Systems Security and Privacy

A2 - Mori, Paolo

A2 - Lenzini, Gabriele

A2 - Furnell, Steven

PB - Science and Technology Publications, Lda

T2 - 7th International Conference on Information Systems Security and Privacy, ICISSP 2021

Y2 - 11 February 2021 through 13 February 2021

ER -

Jacob S , Qiao Y , Lee B. Detecting Cyber Security Attacks against a Microservices Application using Distributed Tracing. In Mori P, Lenzini G, Furnell S, editors, ICISSP 2021 - Proceedings of the 7th International Conference on Information Systems Security and Privacy. Science and Technology Publications, Lda. 2021. p. 588-595. (International Conference on Information Systems Security and Privacy). doi: 10.5220/0010308905880595

Detecting Cyber Security Attacks against a Microservices Application using Distributed Tracing

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this