Internship Title
Attack Detection at the Architectural Level in Microservice Applications
Internship Location
DEI-FCTUC
Background
The adoption of microservice-based architecture has been widespread due to its capacity to develop computer systems that are highly scalable, flexible, and manageable. These systems comprise several units of independent services that can be individually created, deployed, updated, and deleted as required. However, the distributed nature of these applications, their high service granularity, and their large attack surface pose significant challenges in monitoring and detecting intrusions or attacks. Monitoring the microservice application allows for gathering information about the system's properties, which can be used to characterize the application's security. Nevertheless, a single microservice application can contain tens to hundreds of services with intricate interrelationships, leading to a massive volume of data. Analyzing the attributes gathered from all services (e.g., CPU usage, number of active sockets) is demanding due to the sheer size and complexity of the data. Furthermore, attacks and user requests may impact each service differently, making it harder to distinguish between an attack and legitimate users accessing the website. Several approaches have been proposed to detect anomalies at the architectural level in microservice applications (e.g., using machine learning techniques). However, these approaches mainly focus on anomalies rather than attacks or intrusions. Moreover, they often limit their scope to a specific set of attributes, such as memory consumption and response time.
Objective
This work aims to advance the state of the art in detecting intrusions in microservice applications at the architectural level. The primary objective is to design and implement a model that effectively detects intrusions or attacks in microservice applications at the architectural level. Given the inherent elasticity of these applications, this model must address the challenges associated with monitoring and analyzing the vast amount of collected data. The student will configure a comprehensive testbed to perform the experiments, research solutions for monitoring the application while considering the dynamic nature of microservices, and explore the applicability of an approach to detect intrusions in a dynamic scenario (for example, machine learning and logic scoring of preference). In practice, the expected outcomes of this internship are:
A model capable of effectively detecting intrusions at the architectural level. The model will comprise monitoring and analysis components specifically designed to address the elasticity of microservice applications.
A research paper, to be submitted and presented at an international conference, describing the model, its components, and experimental results.
Work Plan - Semester 1
[Some tasks might overlap; M=Month]
T1 (M1-M2): State-of-the-art review on intrusion and attack detection on microservices.
T2 (M3): Configuring a testbed with microservice applications, monitoring tools, and data collector.
T3 (M3-M4): Design of the architecture of the intrusion detection model.
T4 (M4): Perform experiments with intrusion detection approaches to analyze microservice applications with different numbers of services (i.e., assess the elasticity of microservice applications and its impact on detecting intrusions at runtime).
T5 (M5): Writing the Intermediate report.
Work Plan - Semester 2
[Some tasks might overlap; M=Month]
T6 (M6): Integration of the intermediate defense comments.
T7 (M6-M7): Development of an intrusion detection model to detect intrusions in microservice applications at runtime.
T8 (M8): Execution of experiments and analysis of results.
T9 (M9): Writing a research paper and submitting it to a top international conference in the Dependability, Security or Services areas (IEEE/IFIP Dependable Systems and Networks (dsn.org), IEEE International Conferences on Web Services (conferences.computer.org/icws), International Symposium on Software Reliability Engineering (issre.net), etc.).
T10 (M10): Writing the thesis.
Conditions
The selected student will be integrated in the Software and Systems Engineering group of CISUC and the work will be carried out in the facilities of the Department of Informatics Engineering at the University of Coimbra (CISUC - Software and Systems Engineering Group), where a workplace and all necessary computer resources will be provided.
Remarks
Please contact Jessica Maciel (jesscmaciel@dei.uc.pt) or Nuno Laranjeiro (cnl@dei.uc.pt) for any questions about this proposal.
Supervisor
Nuno Laranjeiro
cnl@dei.uc.pt