Learning Centre

Anomaly Detection of Web-Based Attacks in Microservices

 |  Login

Show simple item record

dc.contributor Aalto-yliopisto fi
dc.contributor Aalto University en
dc.contributor.advisor Di Francesco, Mario
dc.contributor.author Harlicaj, Eljon
dc.date.accessioned 2021-08-29T17:09:04Z
dc.date.available 2021-08-29T17:09:04Z
dc.date.issued 2021-08-23
dc.identifier.uri https://aaltodoc.aalto.fi/handle/123456789/109316
dc.description.abstract Cybercriminals exploit vulnerabilities in web applications by leveraging different attacks to gain unauthorized access to sensitive resources in web servers. Security researchers have extensively investigated anomaly detection of web-based attacks; however, the cloud-native paradigm shift combined with the increasing usage of microservices introduces new challenges and opportunities. This thesis studies relevant research in anomaly detection of web-based attacks and proposes new methods for modeling regular web requests and the inter-service communication patterns in modern web applications. Specifically, we present a solution that leverages service meshes for collecting web logs in cloud environments without accessing the source code of the applications. First, we present the design and implementation of a method to abstract from web logs to Log-Keys sequences for performing anomaly detection with Long Short-Term Memory Recurrent Neural Networks. Second, we implement Autoencoders to detect anomalies in the content of web requests. Finally, we create two datasets and conduct experiments to analyze and evaluate our solution. We perform an extensive analysis of the parameter space and the related impact on the anomaly detection performance. By an appropriate choice of these parameters, our solution is able to detect 91% of the anomalies in the considered dataset with only a 0.11% false positive rate. en
dc.format.extent 55
dc.format.mimetype application/pdf en
dc.language.iso en en
dc.title Anomaly Detection of Web-Based Attacks in Microservices en
dc.type G2 Pro gradu, diplomityö fi
dc.contributor.school Perustieteiden korkeakoulu fi
dc.subject.keyword security en
dc.subject.keyword cloud en
dc.subject.keyword anomaly detection en
dc.subject.keyword microservices en
dc.subject.keyword machine learning en
dc.identifier.urn URN:NBN:fi:aalto-202108298552
dc.programme.major Security and Cloud Computing (SECCLO) fi
dc.programme.mcode SCI3084 fi
dc.type.ontasot Master's thesis en
dc.type.ontasot Diplomityö fi
dc.contributor.supervisor Di Francesco, Mario
dc.programme Master’s Programme in Security and Cloud Computing (SECCLO) fi
local.aalto.electroniconly yes
local.aalto.openaccess yes

Files in this item

This item appears in the following Collection(s)

Show simple item record

Search archive

Advanced Search

article-iconSubmit a publication