Securing microservices against password guess attacks using hardware performance counters

dc.contributor.authorKadiyala, Sai Praveen
dc.contributor.authorLi, Xiaolan
dc.contributor.authorLee, Wonjun
dc.contributor.authorCatlin, Andrew Gar
dc.contributor.orcid0000-0001-5996-2421en_US
dc.date.accessioned2023-11-21T17:55:47Z
dc.date.available2023-11-21T17:55:47Z
dc.date.issued2022-09
dc.descriptionScholarly articleen_US
dc.description.abstractModern customer-facing applications need to be easy to use, localizable, and to scale out to serve large customer bases. Microservice architectures have the potential to decentralize functionality, improve flexibility, and provide faster time to market of incremental changes. However, applications implemented as microservices also have a larger surface area, which may make them more prone to cyber attacks. Modern operating systems provide performance counters which are tamper-resistant, and can be used to track the run-time behavior of applications. In this work, we aim to detect a password guess attack on microservice using performance counter data. Our approach consists of modelling behavior of normal and attack user login requests, identification of key performance counters that effectively distinguish these requests and developing a machine learning model that classifies unknown login requests. A fully connected neural network-based classification model gave us 98.3% test accuracy in detecting the attacks with a false negative rate of 1.6%.en_US
dc.identifier.citationKadiyala, S. P., Li, X., Lee, W., & Catlin, A. (2022, September). Securing microservices against password guess attacks using hardware performance counters [Conference session?]. In 2022 IEEE 35th International System-on-Chip Conference (SOCC) (pp. 1-6). Belfast, UK. http://doi.org/10.1109/SOCC56010.2022.9908109en_US
dc.identifier.doihttp://doi.org/10.1109/SOCC56010.2022.9908109en_US
dc.identifier.urihttps://hdl.handle.net/20.500.12202/9505
dc.language.isoen_USen_US
dc.publisherInstitute of Electrical and Electronics Engineers (IEEE)en_US
dc.relation.ispartofseries2022 IEEE 35th International System-on-Chip Conference (SOCC);
dc.rightsAttribution-NonCommercial-NoDerivs 3.0 United States*
dc.rights.urihttp://creativecommons.org/licenses/by-nc-nd/3.0/us/*
dc.subjectmicroservicesen_US
dc.subjectmodern operating systemsen_US
dc.subjectpassword guess attacken_US
dc.titleSecuring microservices against password guess attacks using hardware performance countersen_US
dc.typeArticleen_US
local.yu.facultypagehttps://www.yu.edu/faculty/pages/catlin-andrewen_US

Files