Detecting DoS Attacks in Microservice Applications: Approach and Case Study

Resumo

A microservices-based architecture decreases the complexity of developing new systems, making them highly scalable and manageable. However, its distributed nature, the high granularity of services, and the large attack surface increase the need to secure those systems at runtime. This paper investigates the challenges of detecting low- and high-volume DoS attacks against microservices using application-level metrics. We conducted an exploratory study to evaluate how different services influence attack detection, the use of Machine Learning (ML) techniques to detect DoS attacks, and the application-level metrics that can be used to detect DoS attacks. The results show that, analysing the services in parallel improves the detection rate, ML models are promising in detecting DoS attacks, and the numbers of sockets and threads used by containers are valuable metrics to indicate high-volume DoS attacks.