Litcius/Paper detail

Anomalous distributed traffic: Detecting cyber security attacks amongst microservices using graph convolutional networks

Stephen Jacob, Yuansong Qiao, Yuhang Ye, Brian Lee

2022Computers & Security30 citationsDOIOpen Access PDF

Abstract

Currently, microservices are trending as the most popular software application design architecture. Software organisations are also being targeted by more cyber-attacks every day and newer security measures are in high demand. One available measure is the application of anomaly detection, which is defined as the discovery of irregular or unusual activity that occurs to a greater or lesser degree than normal occurrences in a data series. In this paper, we continue existing work where various real-world cyber-attacks are executed against a running microservices application, and the application traffic is logged and returned in the form of distributed traces. A Diffusion Convolutional Recurrent Neural Network is used to model the set of distributed traces and learn the spatial and temporal dependencies of the application traffic. Subsequently, the model is used to make predictions for ongoing microservice activity and threshold-based anomaly detection is applied to detect irregular microservice activity indicating the presence of seeded cyber security attacks, or anomalies. The cyber-attacks used to evaluate this approach include a brute force attack, a batch registration of bot accounts and a distributed denial of service attack.

Topics & Concepts

MicroservicesComputer scienceDenial-of-service attackAnomaly detectionAttack patternsSoftwareConvolutional neural networkComputer securityIntrusion detection systemData miningCloud computingArtificial intelligenceOperating systemThe InternetSoftware System Performance and ReliabilityNetwork Security and Intrusion DetectionInternet Traffic Analysis and Secure E-voting
Anomalous distributed traffic: Detecting cyber security attacks amongst microservices using graph convolutional networks | Litcius