Abstract
Not only the increased complexity of the malicious acts on the Internet, but also the continuous increase of new attack methods compromise Internet-based services as a threat to the modern society. In this study, malicious behavior in a microservices-based web application is detected by measuring the patterns of CRUD (create, read, update, delete) access. The aim of this paper is to detect malicious users (or even the first malicious attempt of a trustworthy user) as soon as the action occurred according to the characteristics of the sequential use of microservices. The proposed approach renders OWASP Foundation's Top 10 critical web application security risks as possible attack vectors. Thus, a data set including such attacks together with mostly benign behavior is generated and measured on the microservices-based web application. The data set is then used to determine benign and malicious classes of behavior using RandomForest, NaiveBayes, J48, AdaBoost, ZeroR, Bagging, Logistic Regression and K-Star machine learning algorithms. The best malicious behavior detection accuracy encountered during experiments is an auspicious 99.36% using RandomForest classiclassification algorithm. After the classification of malicious behavior, the respective user's further access to the microservices could be blocked to prevent the waste of resources.
Translated title of the contribution | Detecting malicious behavior in microservice based web applications |
---|---|
Original language | Turkish |
Title of host publication | 27th Signal Processing and Communications Applications Conference, SIU 2019 |
Publisher | Institute of Electrical and Electronics Engineers Inc. |
ISBN (Electronic) | 9781728119045 |
DOIs | |
Publication status | Published - Apr 2019 |
Event | 27th Signal Processing and Communications Applications Conference, SIU 2019 - Sivas, Turkey Duration: 24 Apr 2019 → 26 Apr 2019 |
Publication series
Name | 27th Signal Processing and Communications Applications Conference, SIU 2019 |
---|
Conference
Conference | 27th Signal Processing and Communications Applications Conference, SIU 2019 |
---|---|
Country/Territory | Turkey |
City | Sivas |
Period | 24/04/19 → 26/04/19 |
Bibliographical note
Publisher Copyright:© 2019 IEEE.