Anomaly Detection of Web-Based Attacks in Microservices

dc.contributor: Aalto-yliopisto [fi]
dc.contributor: Aalto University [en]
dc.contributor.advisor: Di Francesco, Mario
dc.contributor.author: Harlicaj, Eljon
dc.contributor.school: Perustieteiden korkeakoulu [fi]
dc.contributor.supervisor: Di Francesco, Mario
dc.date.accessioned: 2021-08-29T17:09:04Z
dc.date.available: 2021-08-29T17:09:04Z
dc.date.issued: 2021-08-23
dc.description.abstract: Cybercriminals exploit vulnerabilities in web applications by leveraging different attacks to gain unauthorized access to sensitive resources in web servers. Security researchers have extensively investigated anomaly detection of web-based attacks; however, the cloud-native paradigm shift combined with the increasing usage of microservices introduces new challenges and opportunities. This thesis studies relevant research in anomaly detection of web-based attacks and proposes new methods for modeling regular web requests and the inter-service communication patterns in modern web applications. Specifically, we present a solution that leverages service meshes for collecting web logs in cloud environments without accessing the source code of the applications. First, we present the design and implementation of a method to abstract from web logs to Log-Keys sequences for performing anomaly detection with Long Short-Term Memory Recurrent Neural Networks. Second, we implement Autoencoders to detect anomalies in the content of web requests. Finally, we create two datasets and conduct experiments to analyze and evaluate our solution. We perform an extensive analysis of the parameter space and the related impact on the anomaly detection performance. By an appropriate choice of these parameters, our solution is able to detect 91% of the anomalies in the considered dataset with only a 0.11% false positive rate. [en]
dc.format.extent: 55
dc.format.mimetype: application/pdf [en]
dc.identifier.uri: https://aaltodoc.aalto.fi/handle/123456789/109316
dc.identifier.urn: URN:NBN:fi:aalto-202108298552
dc.language.iso: en [en]
dc.programme: Master’s Programme in Security and Cloud Computing (SECCLO) [fi]
dc.programme.major: Security and Cloud Computing (SECCLO) [fi]
dc.programme.mcode: SCI3084 [fi]
dc.subject.keyword: security [en]
dc.subject.keyword: cloud [en]
dc.subject.keyword: anomaly detection [en]
dc.subject.keyword: microservices [en]
dc.subject.keyword: machine learning [en]
dc.title: Anomaly Detection of Web-Based Attacks in Microservices [en]
dc.type: G2 Pro gradu, diplomityö [fi]
dc.type.ontasot: Master's thesis [en]
dc.type.ontasot: Diplomityö [fi]
local.aalto.electroniconly: yes
local.aalto.openaccess: yes
Files
Original bundle
Name: master_Harlicaj_Eljon_2021.pdf
Size: 4.08 MB
Format: Adobe Portable Document Format