Anomaly Detection of Web-Based Attacks in Microservices

Perustieteiden korkeakoulu | Master's thesis

Date

2021-08-23

Major/Subject

Security and Cloud Computing (SECCLO)

Mcode

SCI3084

Degree programme

Master’s Programme in Security and Cloud Computing (SECCLO)

Language

en

Pages

55

Abstract

Cybercriminals exploit vulnerabilities in web applications by leveraging different attacks to gain unauthorized access to sensitive resources in web servers. Security researchers have extensively investigated anomaly detection of web-based attacks; however, the cloud-native paradigm shift combined with the increasing usage of microservices introduces new challenges and opportunities. This thesis studies relevant research in anomaly detection of web-based attacks and proposes new methods for modeling regular web requests and the inter-service communication patterns in modern web applications. Specifically, we present a solution that leverages service meshes for collecting web logs in cloud environments without accessing the source code of the applications. First, we present the design and implementation of a method to abstract from web logs to Log-Keys sequences for performing anomaly detection with Long Short-Term Memory Recurrent Neural Networks. Second, we implement Autoencoders to detect anomalies in the content of web requests. Finally, we create two datasets and conduct experiments to analyze and evaluate our solution. We perform an extensive analysis of the parameter space and the related impact on the anomaly detection performance. By an appropriate choice of these parameters, our solution is able to detect 91% of the anomalies in the considered dataset with only a 0.11% false positive rate.

Supervisor

Di Francesco, Mario

Thesis advisor

Di Francesco, Mario

Keywords

security, cloud, anomaly detection, microservices, machine learning
