Anomalous distributed traffic: detecting cyber security attacks amongst microservices using graph convolutional networks
| dc.contributor.author | Jacob, Stephen | |
| dc.contributor.author | Qiao, Yuansong | |
| dc.contributor.author | Ye, Yuhang | |
| dc.contributor.author | Lee, Brian | |
| dc.date.accessioned | 2022-05-24T12:10:44Z | |
| dc.date.available | 2022-05-24T12:10:44Z | |
| dc.date.copyright | 2022 | |
| dc.date.issued | 2022-04-22 | |
| dc.identifier.citation | Jacob, S., Qiao, Y., Ye, Y., Lee, B. (2022). Anomalous distributed traffic: detecting cyber security attacks amongst microservices using graph convolutional networks. Computers & Security. 118. 102728.https://doi.org/10.1016/j.cose.2022.102728 | en_US |
| dc.identifier.issn | 0167-4048 | |
| dc.identifier.uri | http://research.thea.ie/handle/20.500.12065/3991 | |
| dc.description.abstract | Currently, microservices are trending as the most popular software application design architecture. Software organisations are also being targeted by more cyber-attacks every day and newer security measures are in high demand. One available measure is the application of anomaly detection, which is defined as the discovery of irregular or unusual activity that occurs to a greater or lesser degree than normal occurrences in a data series. In this paper, we continue existing work where various real-world cyber-attacks are executed against a running microservices application, and the application traffic is logged and returned in the form of distributed traces. A Diffusion Convolutional Recurrent Neural Network is used to model the set of distributed traces and learn the spatial and temporal dependencies of the application traffic. Subsequently, the model is used to make predictions for ongoing microservice activity and threshold-based anomaly detection is applied to detect irregular microservice activity indicating the presence of seeded cyber security attacks, or anomalies. The cyber-attacks used to evaluate this approach include a brute force attack, a batch registration of bot accounts and a distributed denial of service attack. | en_US |
| dc.language.iso | eng | en_US |
| dc.publisher | Elsevier | en_US |
| dc.relation.ispartof | Computers & Security | en_US |
| dc.rights | Attribution-NonCommercial-NoDerivatives 4.0 International | * |
| dc.rights.uri | http://creativecommons.org/licenses/by-nc-nd/4.0/ | * |
| dc.subject | Cyber security | en_US |
| dc.subject | Microservices | en_US |
| dc.subject | Distributed tracing | en_US |
| dc.subject | Anomaly detection | en_US |
| dc.subject | Graph convolutional network | en_US |
| dc.subject | Traffic forecasting | en_US |
| dc.title | Anomalous distributed traffic: detecting cyber security attacks amongst microservices using graph convolutional networks | en_US |
| dc.type | info:eu-repo/semantics/article | en_US |
| dc.contributor.affiliation | Technological University of the Shannon Midlands Midwest | en_US |
| dc.contributor.sponsor | f Athlone Institute of Technology under its Presidents Seed Fund (2021) and Science Foundation Ireland (SFI) | en_US |
| dc.description.peerreview | yes | en_US |
| dc.identifier.doi | 10.1016/j.cose.2022.102728 | en_US |
| dc.identifier.orcid | https://orcid.org/ 0000-0003-2297-4343 | en_US |
| dc.identifier.orcid | https://orcid.org/ 0000-0002-1543-1589 | en_US |
| dc.identifier.orcid | https://orcid.org/ 0000-0003-4608-1451 | en_US |
| dc.identifier.orcid | https://orcid.org/ 0000-0002-8475-4074 | en_US |
| dc.identifier.volume | 118 | en_US |
| dc.rights.accessrights | info:eu-repo/semantics/openAccess | en_US |
| dc.subject.department | Software Research Institute TUS:MM | en_US |
| dc.type.version | info:eu-repo/semantics/publishedVersion | en_US |
| dc.relation.projectid | SFI 16/RC/3918 | en_US |
Files in this item
This item appears in the following Collection(s)
Except where otherwise noted, this item's license is described as Attribution-NonCommercial-NoDerivatives 4.0 International