Securing microservices against password guess attacks using hardware performance counters
dc.contributor.author | Kadiyala, Sai Praveen | |
dc.contributor.author | Li, Xiaolan | |
dc.contributor.author | Lee, Wonjun | |
dc.contributor.author | Catlin, Andrew Gar | |
dc.contributor.orcid | 0000-0001-5996-2421 | en_US |
dc.date.accessioned | 2023-11-21T17:55:47Z | |
dc.date.available | 2023-11-21T17:55:47Z | |
dc.date.issued | 2022-09 | |
dc.description | Scholarly article | en_US |
dc.description.abstract | Modern customer-facing applications need to be easy to use, localizable, and to scale out to serve large customer bases. Microservice architectures have the potential to decentralize functionality, improve flexibility, and provide faster time to market of incremental changes. However, applications implemented as microservices also have a larger surface area, which may make them more prone to cyber attacks. Modern operating systems provide performance counters which are tamper-resistant, and can be used to track the run-time behavior of applications. In this work, we aim to detect a password guess attack on microservice using performance counter data. Our approach consists of modelling behavior of normal and attack user login requests, identification of key performance counters that effectively distinguish these requests and developing a machine learning model that classifies unknown login requests. A fully connected neural network-based classification model gave us 98.3% test accuracy in detecting the attacks with a false negative rate of 1.6%. | en_US |
dc.identifier.citation | Kadiyala, S. P., Li, X., Lee, W., & Catlin, A. (2022, September). Securing microservices against password guess attacks using hardware performance counters [Conference session?]. In 2022 IEEE 35th International System-on-Chip Conference (SOCC) (pp. 1-6). Belfast, UK. http://doi.org/10.1109/SOCC56010.2022.9908109 | en_US |
dc.identifier.doi | http://doi.org/10.1109/SOCC56010.2022.9908109 | en_US |
dc.identifier.uri | https://hdl.handle.net/20.500.12202/9505 | |
dc.language.iso | en_US | en_US |
dc.publisher | Institute of Electrical and Electronics Engineers (IEEE) | en_US |
dc.relation.ispartofseries | 2022 IEEE 35th International System-on-Chip Conference (SOCC); | |
dc.rights | Attribution-NonCommercial-NoDerivs 3.0 United States | * |
dc.rights.uri | http://creativecommons.org/licenses/by-nc-nd/3.0/us/ | * |
dc.subject | microservices | en_US |
dc.subject | modern operating systems | en_US |
dc.subject | password guess attack | en_US |
dc.title | Securing microservices against password guess attacks using hardware performance counters | en_US |
dc.type | Article | en_US |
local.yu.facultypage | https://www.yu.edu/faculty/pages/catlin-andrew | en_US |