Research Of Anomaly Detection Based On Feature Rules For Mircoservice Architecture

Micro-service architecture is a highly scalable,available service architecture which is easy to maintain and update,with the increasing popularity of micro-service architecture,microservice security issues are also of concern.Micro-service applications are composed of many micro-services,micro-service is mutually trusted,making micro-service more vulnerable to internal attacks,in addition,micro-service also faces some threats to authority.The anomaly detection of micro-services focuses on how to monitor the running status of micro-service applications,from which to find out the abnormal situation,which is of great significance.By analyzing the invocation scenario under the micro-service architecture,three kinds of anomalies such as the anomaly of the micro-service invocation path,the anomaly of the micro-service invocation level and the order,the function and the user role mapping anomaly in the micro service invocation process,combined with the application intrusion detection technology,An anomaly detection resolution based on feature rules is proposed.The resolution consists of two parts of distributed tracking and anomaly detection.Distributed tracking will monitor each invocation and generate tracking data,by analyzing the tracking data,you can restore the invocation scene,so as to provide a data source for anomaly detection.The anomaly detection part takes the functional features and the authority features into consideration.The feature rules can be extracted from the log,the set of feature rules is maintained,and the anomaly of feature rules can be detected.And then the micro-service anomaly detection system under a distributed environment is implimented,the three kinds of anomalies can be effectively detected.The experimental platform is designed,and the extraction algorithm,learning algorithm,detection algorithm for anomaly detection is validated,the final results show that the extraction algorithm can detect tampering or loss of the log,and can extract the feature rules from records;learning algorithm can maintain three kinds of relationship of the rule set and the completeness of the final rules is ensured;the three stage detection algorithm can detected different anomalies corresponding to their call feature,the false posivte rate,false negative rate is relatively low.