DoWNet—classification of Denial-of-Wallet attacks on serverless application traffic

Serverless computing is an ever-growing programming paradigm being adopted by developers all over the world. Its highly scalable, automatic load balancing, and pay for what you use design is a powerful tool that can also greatly reduce operational costs. However, these advantages also leave serverle...

Full description

Saved in:
Bibliographic Details
Published in:Journal of cybersecurity (Oxford) 2024-01, Vol.10 (1)
Main Authors: Kelly, Daniel, Glavin, Frank G, Barrett, Enda
Format: Article
Language:English
Citations: Items that this one cites
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Serverless computing is an ever-growing programming paradigm being adopted by developers all over the world. Its highly scalable, automatic load balancing, and pay for what you use design is a powerful tool that can also greatly reduce operational costs. However, these advantages also leave serverless computing open to a unique threat, Denial-of-Wallet (DoW). It is the intentional targeting of serverless function endpoints with request traffic in order to artificially raise the usage bills for the application owner. A subset of these attacks are leeches. They perform DoW at a rate that could go undetected as it is not a sudden violent influx of requests. We devise a means of detecting such attacks by utilizing a novel approach of representing request traffic as heat maps and training an image classification algorithm to distinguish between normal and malicious traffic behaviour. Our classifier utilizes convolutional neural networks and achieves 97.98% accuracy. We then design a system for the implementation of this model that would allow application owners to monitor their traffic in real time for suspicious behaviour.
ISSN:2057-2085
2057-2093
DOI:10.1093/cybsec/tyae004