Full Text Available
Note: Clicking the button above will open the full text document at the original institutional repository in a new window.
A Multimodal Immune System Inspired Defense Architecture for Detecting and Deterring Digital Pathogens in Container Hosted Web Services
With the increased use of web technologies, microservices, and Application Programming Interface (API) for integration between systems, and with the development of containerization of services on operating system level as a method of isolating system execution and for easing the deployment and scali...
Saved in:
| Main Author: | |
|---|---|
| Format: | Thesis |
| Published: |
AUC Knowledge Fountain
2023
|
| Subjects: | |
| Tags: |
No Tags, Be the first to tag this record!
|
| Summary: | With the increased use of web technologies, microservices, and Application Programming Interface (API) for integration between systems, and with the development of containerization of services on operating system level as a method of isolating system execution and for easing the deployment and scaling of systems, there is a growing need as well as opportunities for providing platforms that improve the security of such services. In our work, we propose an architecture for a containerization platform that utilizes various concepts derived from the human immune system. The goal of the proposed containerization platform is to introduce the concept of slowing down or throttling suspected malicious digital pathogens (intrusions) to reduce their damage footprint while providing more opportunities for forensic inspection of suspected pathogens in addition to the ability to snapshot, rollback, and recover from possible damage. A similar technique is widely used in network-based intrusion detection. The proposed platform also leverages existing intrusion detection algorithms by integrating and orchestrating their cooperative operation for more effective intrusion detection. We show how this model reduces the damage footprint of intrusions and gives greater time window for forensic investigation. Moreover, during our experiments, we were surprised that our platform has uncovered previously unknown design flaws in our system being tested that resulted in internal DDoS-like attacks by submodules of the system itself rather than external intrusions. This was an interesting outcome that we reported to the software maker, and they were happy to learn about it. |
|---|