In recent years, detecting sophisticated attacks in distributed microservice environments has become increasingly challenging, mainly due to containerization, which adds another dimension of complexity for collecting the system logs and the lack of applications designed with known vulnerabilities for reproducibility and experimentation. This paper presents a framework called µProv for generating robust, scalable, and dynamic provenance graphs to aid in attack investigation over distributed microservice architectures. Our approach captures fine-grained, system-level interactions across microservices leveraging eBPF and constructs dynamic runtime provenance graphs representing the causal relationships between processes, files, and network activities. We integrate real-world attack scenarios with known vulnerabilities into our system to evaluate its effectiveness. Through extensive empirical analysis, we demonstrate that µProv offers improved accuracy, scalability, and granularity compared to traditional logging methods.
The shift from monolithic services to microservices brings modularity and elasticity, but detecting faults and anomalies is challenging due to diverse data and evolving technology. The heterogeneous nature of this data complicates the analysis of anomaly signatures across various dimensions. Given the continuous evolution of this technology, exhaustively learning from historical data poses difficulties. To address these challenges, we present URCD, a solution designed to identify and localize faults or anomalies at the application and service level. Remarkably, URCD achieves this without explicit training on faulty data. Our approach integrates heterogeneous microservice data into a bidirectional weighted graph, leveraging a sophisticated Hyper Graph Attention Network (HGAN) model to process heterogeneous data logs generated by microservices. Our evaluation shows the optimal performance of URCD while detecting root cause of anomalies.
Provenance tracking has been widely used in the recent literature to debug system vulnerabilities and find the root causes behind faults, errors, or crashes over a running system. However, the existing approaches primarily developed graph-based models for provenance tracking over monolithic applications running directly over the operating system kernel. In contrast, the modern DevOps-based service-oriented architecture relies on distributed platforms, like serverless computing that uses container-based sandboxing over the kernel. Provenance tracking over such a distributed micro-service architecture is challenging, as the application and system logs are generated asynchronously and follow heterogeneous nomenclature and logging formats. This paper develops a novel approach to combining system and micro- services logs together to generate a Universal Provenance Graph (UPG) that can be used for provenance tracking over serverless architecture. We develop a Loadable Kernel Module (LKM) for runtime unit identification over the logs by intercepting the system calls with the help from the control flow graphs over the static application binaries. Finally, we design a regular expression-based log optimization method for reverse query parsing over the generated UPG. A thorough evaluation of the proposed UPG model with different benchmarked serverless applications shows the system’s effectiveness.
Disbursing information in real-life noisy environ- ments is challenging. The problem gets further compounded when the users of the system are aged or have sensory impaire- ments. We, in this paper, develop a system called SilentInformer, for advanced information sharing ,over smartphones, by exploit- ing inaudible acoustic signals. The results depict the potential of the system by achieving a minimum bit error rate (BER) ≤ 10% with message length ≤ 4 symbols and an average BER ≤ 30% with a message length ≤ 8 symbols, from a distance of 27ft in realistic outdoor conditions.
