Mikroservis tabanli aǧ uygulamalarinda zararli davranişlarin saptanmasi

Translated title of the contribution: Detecting malicious behavior in microservice based web applications

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

1 Citation (Scopus)

Abstract

Not only the increased complexity of the malicious acts on the Internet, but also the continuous increase of new attack methods compromise Internet-based services as a threat to the modern society. In this study, malicious behavior in a microservices-based web application is detected by measuring the patterns of CRUD (create, read, update, delete) access. The aim of this paper is to detect malicious users (or even the first malicious attempt of a trustworthy user) as soon as the action occurred according to the characteristics of the sequential use of microservices. The proposed approach renders OWASP Foundation's Top 10 critical web application security risks as possible attack vectors. Thus, a data set including such attacks together with mostly benign behavior is generated and measured on the microservices-based web application. The data set is then used to determine benign and malicious classes of behavior using RandomForest, NaiveBayes, J48, AdaBoost, ZeroR, Bagging, Logistic Regression and K-Star machine learning algorithms. The best malicious behavior detection accuracy encountered during experiments is an auspicious 99.36% using RandomForest classiclassification algorithm. After the classification of malicious behavior, the respective user's further access to the microservices could be blocked to prevent the waste of resources.

Translated title of the contributionDetecting malicious behavior in microservice based web applications
Original languageTurkish
Title of host publication27th Signal Processing and Communications Applications Conference, SIU 2019
PublisherInstitute of Electrical and Electronics Engineers Inc.
ISBN (Electronic)9781728119045
DOIs
Publication statusPublished - Apr 2019
Event27th Signal Processing and Communications Applications Conference, SIU 2019 - Sivas, Turkey
Duration: 24 Apr 201926 Apr 2019

Publication series

Name27th Signal Processing and Communications Applications Conference, SIU 2019

Conference

Conference27th Signal Processing and Communications Applications Conference, SIU 2019
Country/TerritoryTurkey
CitySivas
Period24/04/1926/04/19

Bibliographical note

Publisher Copyright:
© 2019 IEEE.

Fingerprint

Dive into the research topics of 'Detecting malicious behavior in microservice based web applications'. Together they form a unique fingerprint.

Cite this