API Traffic Anomaly Detection in Microservice Architecture
M. Sowmya, Ankith Rai, V. Spoorthi, Md Irfan, Prasad B. Honnavalli, S. Nagasundari
Published in: 2023 IEEE/ACM 23rd International Symposium on Cluster, Cloud and Internet Computing Workshops (CCGridW), 2023-05-01
DOI: 10.1109/CCGridW59191.2023.00044 (https://doi.org/10.1109/CCGridW59191.2023.00044)
Citation count: 0
Abstract
In the current Digital Age, data is an important asset that is constantly targeted in cyberattacks. Attackers make use of vulnerabilities in the application design to perform data theft. Therefore, there is a need to implement an intrusion detection mechanism that is specific to the application architecture. The Microservices Architecture is predominantly used by organizations to develop their software applications. This application design architecture is a group of individual services that interact through Application Programming Interfaces (APIs). As the number of API endpoints increases, the attack surface that hackers can use to exploit the application also increases. The activity at these endpoints and the API calls can be monitored to check for anomalies, which indicate abnormal behaviour. An API call refers to a request made to an API endpoint. Multiple API calls among the services generate API traffic in the application. This traffic can be analyzed to detect unusual behaviour. In this paper, a machine-learning based technique, API Traffic Anomaly Detection (API-TAD), is proposed that detects anomalies in API traffic at two levels: a generalized level and an application-specific level. This makes anomaly detection more efficient and accurate, not only in the network layer of the OSI model, but also in the application layer.