Microservices made attack-resilient using unsupervised service fissioning

Ataollah Fatahi Baarzi, George Kesidis, Daniel Fleck, Angelos Stavrou

Research output: Chapter in Book/Report/Conference proceedingConference contribution

17 Scopus citations

Abstract

Application-layer DoS attacks are increasing as the number of cloud-deployed microservice applications is increasing. The attacker tries to exhaust computing resources and brings the nominal applications down by exploiting application-layer vulnerabilities. As traditional solutions for volumetric DoS attacks will not be able to handle these attacks, new approaches are required to detect and respond to application-layer attacks. In this work, we propose an unsupervised, non-intrusive and application-agnostic detection approach and fissioning-based response mechanism. We built our prototype on kubernetes, the state of the art container orchestrator for microservices, and show its effectiveness through experimental evaluation. Our preliminary results show that using our detection and defense mechanism, we are able to a) efficiently identify the attacks and b) reduce the effect of the attack on legitimate users by 3× compared to a case where there is no detection/defense in place.

Original languageEnglish (US)
Title of host publicationProceedings of the 13th European Workshop on Systems Security, EuroSec 2020
PublisherAssociation for Computing Machinery, Inc
Pages31-36
Number of pages6
ISBN (Electronic)9781450375238
DOIs
StatePublished - Apr 27 2020
Event13th European Workshop on Systems Security, EuroSec 2020 - Heraklion, Greece
Duration: Apr 27 2020 → …

Publication series

NameProceedings of the 13th European Workshop on Systems Security, EuroSec 2020

Conference

Conference13th European Workshop on Systems Security, EuroSec 2020
Country/TerritoryGreece
CityHeraklion
Period4/27/20 → …

All Science Journal Classification (ASJC) codes

  • Electrical and Electronic Engineering
  • Computer Networks and Communications

Fingerprint

Dive into the research topics of 'Microservices made attack-resilient using unsupervised service fissioning'. Together they form a unique fingerprint.

Cite this