Evaluation of Machine Learning for Intrusion Detection in Microservice Applications

Abstract

Microservices have thrived recently as an approach for service design, development, and delivery. It provides several benefits to the systems as an architecture, such as faster delivery, improved scalability, and greater autonomy. Although microservice architectures are popular, security characteristics of these architectures impair the deployment of security, such as sizable attack surface, network complexity, heterogeneity, and others. For years, intrusion detection has been a practical security approach for many applications. Recently, machine learning provided improved functionality for intrusion detection systems with exciting results in overall tests. This paper presents the evaluation of machine learning techniques for intrusion detection in a microservice scenario. System call data was collected from containers simulating microservice applications; these containers were submitted to attacks that exploited different vulnerabilities. The data was used to train and test machine learning techniques, and the test results provided us with exciting possibilities for this approach. Some of the tested attacks were very well detected by the techniques, while some were not, attesting that machine-learning-based intrusion detection is usable in this environment. However, to enhance detection, it is required to improve data processing and representation for this type of scenario.