API Traffic Anomaly Detection in Microservice Architecture

Abstract

In the current Digital Age, data is an important asset that is constantly targeted in cyberattacks. Attackers make use of vulnerabilities in the application design to perform data theft. Therefore, there is a need to implement an intrusion detection mechanism that is specific to the application architecture. The Microservices Architecture is predominantly used by organizations to develop their software applications. This application design architecture is a group of individual services that interact through Application Programming Interfaces (APIs). As the number of API endpoints increases, there is an increase in the attack surface for hackers to exploit the application. The activity at these endpoints and API calls can be monitored to check for anomalies, which indicates abnormal behaviour. An API call refers to a request made to an API endpoint. Multiple API calls among the services generate API traffic in the application. This traffic can be analyzed for detecting unusual behaviour. In this paper, a machine-learning based technique, API Traffic Anomaly Detection (API-TAD), that detects anomalies in API traffic at two levels – a generalized level, and an application-specific level is proposed. This makes it a more efficient and accurate anomaly detection, not only in the network layer of the OSI model, but also in the application layer.