Sandnet: Towards High Quality of Deception in Container-Based Microservice Architectures

Publikation: Beitrag in Buch/Konferenzbericht/Sammelband/GutachtenBeitrag in KonferenzbandBeigetragenBegutachtung

Abstract

Responding to network security incidents requires interference with ongoing attacks to restore the security of services running on production systems. This approach prevents damage, but drastically impedes the collection of threat intelligence and the analysis of vulnerabilities, exploits, and attack strategies. We propose the live confinement of suspicious microservices into a sandbox network that allows to monitor and analyze ongoing attacks under quarantine and that retains an image of the vulnerable and open production network. A successful sandboxing requires that it happens completely transparent to and cannot be detected by an attacker. Therefore, we introduce a novel metric to measure the Quality of Deception (QoD) and use it to evaluate three proposed network deception mechanisms. Our evaluation results indicate that in our evaluation scenario in best case, an optimal QoD is achieved. In worst case, only a small downtime of approx. 3s per microservice (MS) occurs and thus a momentary drop in QoD to 70.26% before it converges back to optimum as the quarantined services are restored.

Details

OriginalspracheEnglisch
Titel2019 IEEE International Conference on Communications, ICC 2019 - Proceedings
Herausgeber (Verlag)Institute of Electrical and Electronics Engineers Inc.
ISBN (elektronisch)978-1-5386-8088-9
PublikationsstatusVeröffentlicht - Mai 2019
Peer-Review-StatusJa

Publikationsreihe

ReiheIEEE International Conference on Communications (ICC)
Band2019-May
ISSN1550-3607

Konferenz

Titel2019 IEEE International Conference on Communications, ICC 2019
Dauer20 - 24 Mai 2019
StadtShanghai
LandChina

Externe IDs

Scopus 85070225473
ORCID /0000-0001-8469-9573/work/161891032