Mitigating Internal, Stealthy DoS Attacks in Microservice Networks
Osman, Amr; Born, Jeannine; Strufe, Thorsten
Abstract (englisch):
The advent of Microservice (MS) architectures has led to increasingly complex communication patterns between distributed web applications in the cloud. In order to process an incoming request, each MS must invoke multiple remote API calls to the MSes that it is connected to along a service dependency graph. This allows attackers to exploit long-running remote API calls along the performance-critical path to cause application DoS, and potentially amplify subsequent inter-MS communication. This paper focuses on mitigating a class of stealthy, low-volume DDoS attacks that are launched internally from within and exploit this. The attacker uses the MSes under its control to disguise then send and resource-heavy requests to target MSes in a way that is indistinguishable from benign requests. We propose a probabilistic algorithm to proactively identify MSes involved in DDoS, and mitigate the attack in real-time.
| Zugehörige Institution(en) am KIT | Institut für Telematik (TM) Kompetenzzentrum für angewandte Sicherheitstechnologie (KASTEL) |
| Publikationstyp | Proceedingsbeitrag |
| Publikationsjahr | 2021 |
| Sprache | Englisch |
| Identifikator | ISBN: 978-3-030-91080-8 KITopen-ID: 1000140315 |
| Erschienen in | Stabilization, Safety, and Security of Distributed Systems : 23rd International Symposium, SSS 2021, Virtual Event, November 17–20, 2021, Proceedings. Ed.: C. Johnen |
| Veranstaltung | 23rd Stabilization, Safety, and Security of Distributed Systems : International Symposium (SSS 2021), Online, 17.11.2021 – 20.11.2021 |
| Auflage | 1. ed. |
| Verlag | Springer |
| Seiten | 500–504 |
| Serie | Theoretical Computer Science and General Issues ; 13046 ; 13046 |
| Vorab online veröffentlicht am | 09.11.2021 |
| Externe Relationen | Siehe auch |
| Schlagwörter | Microservice architectures, communication patterns, networks, API |
| Nachgewiesen in | Dimensions Scopus |