Grunt Attack: Exploiting Execution Dependencies in Microservices

Xuhang Gu; Qingyang Wang; Jianshu Liu; Jinpeng Wei

doi:10.1109/DSN58291.2024.00025

Grunt Attack: Exploiting Execution Dependencies in Microservices

Xuhang Gu, Qingyang Wang, Jianshu Liu, Jinpeng Wei

Computer Science Department

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

2 Scopus citations

Abstract

Loosely-coupled and lightweight microservices running in containers are likely to form complex execution dependencies inside the system. The execution dependency arises when two execution paths partially share component microservices, resulting in potential runtime blocking effects. In this paper, we present Grunt Attack - a novel low-volume DDoS attack that takes advantage of the execution dependencies of microservice applications. Grunt Attack utilizes legitimate HTTP requests to accurately profile the internal pairwise dependencies of all supported execution paths in the target system. By grouping and characterizing all the execution paths based on their pairwise dependencies, the Grunt attacker can target only a few execution paths to launch a low-volume DDoS attack that achieves large performance damage to the entire system. To increase the attack stealthiness, the Grunt attacker avoids creating a persistent bottleneck by alternating the target execution paths within their dependency group. We validate the effectiveness of Grunt attack through experiments of open-source microservices benchmark applications on real clouds (e.g., EC2, Azure) equipped with state-of-the-art IDS/IPS systems and live attack scenarios. Our results show that Grunt attack consumes less than 20% additional CPU resource of the target system while increasing its average response time by over 10x.

Original language	English
Title of host publication	Proceedings - 2024 54th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2024
Publisher	Institute of Electrical and Electronics Engineers Inc.
Pages	115-128
Number of pages	14
ISBN (Electronic)	9798350341058
DOIs	https://doi.org/10.1109/DSN58291.2024.00025
State	Published - 2024
Event	54th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2024 - Brisbane, Australia Duration: 24 Jun 2024 → 27 Jun 2024

Publication series

Name	Proceedings - 2024 54th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2024

Conference

Conference	54th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2024
Country/Territory	Australia
City	Brisbane
Period	24/06/24 → 27/06/24

Keywords

DDoS attack
Microservices
SLA violations

Access to Document

10.1109/DSN58291.2024.00025

Cite this

Gu, X., Wang, Q., Liu, J., & Wei, J. (2024). Grunt Attack: Exploiting Execution Dependencies in Microservices. In Proceedings - 2024 54th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2024 (pp. 115-128). (Proceedings - 2024 54th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2024). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/DSN58291.2024.00025

Gu, Xuhang ; Wang, Qingyang ; Liu, Jianshu et al. / Grunt Attack : Exploiting Execution Dependencies in Microservices. Proceedings - 2024 54th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2024. Institute of Electrical and Electronics Engineers Inc., 2024. pp. 115-128 (Proceedings - 2024 54th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2024).

@inproceedings{ff6841a14ff94829aabbc7b99306c7b6,

title = "Grunt Attack: Exploiting Execution Dependencies in Microservices",

abstract = "Loosely-coupled and lightweight microservices running in containers are likely to form complex execution dependencies inside the system. The execution dependency arises when two execution paths partially share component microservices, resulting in potential runtime blocking effects. In this paper, we present Grunt Attack - a novel low-volume DDoS attack that takes advantage of the execution dependencies of microservice applications. Grunt Attack utilizes legitimate HTTP requests to accurately profile the internal pairwise dependencies of all supported execution paths in the target system. By grouping and characterizing all the execution paths based on their pairwise dependencies, the Grunt attacker can target only a few execution paths to launch a low-volume DDoS attack that achieves large performance damage to the entire system. To increase the attack stealthiness, the Grunt attacker avoids creating a persistent bottleneck by alternating the target execution paths within their dependency group. We validate the effectiveness of Grunt attack through experiments of open-source microservices benchmark applications on real clouds (e.g., EC2, Azure) equipped with state-of-the-art IDS/IPS systems and live attack scenarios. Our results show that Grunt attack consumes less than 20% additional CPU resource of the target system while increasing its average response time by over 10x.",

keywords = "DDoS attack, Microservices, SLA violations",

author = "Xuhang Gu and Qingyang Wang and Jianshu Liu and Jinpeng Wei",

note = "Publisher Copyright: {\textcopyright} 2024 IEEE.; 54th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2024 ; Conference date: 24-06-2024 Through 27-06-2024",

year = "2024",

doi = "10.1109/DSN58291.2024.00025",

language = "English",

series = "Proceedings - 2024 54th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2024",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

pages = "115--128",

booktitle = "Proceedings - 2024 54th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2024",

}

Gu, X, Wang, Q, Liu, J & Wei, J 2024, Grunt Attack: Exploiting Execution Dependencies in Microservices. in Proceedings - 2024 54th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2024. Proceedings - 2024 54th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2024, Institute of Electrical and Electronics Engineers Inc., pp. 115-128, 54th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2024, Brisbane, Australia, 24/06/24. https://doi.org/10.1109/DSN58291.2024.00025

Grunt Attack: Exploiting Execution Dependencies in Microservices. / Gu, Xuhang; Wang, Qingyang; Liu, Jianshu et al.
Proceedings - 2024 54th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2024. Institute of Electrical and Electronics Engineers Inc., 2024. p. 115-128 (Proceedings - 2024 54th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2024).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Grunt Attack

T2 - 54th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2024

AU - Gu, Xuhang

AU - Wang, Qingyang

AU - Liu, Jianshu

AU - Wei, Jinpeng

PY - 2024

Y1 - 2024

N2 - Loosely-coupled and lightweight microservices running in containers are likely to form complex execution dependencies inside the system. The execution dependency arises when two execution paths partially share component microservices, resulting in potential runtime blocking effects. In this paper, we present Grunt Attack - a novel low-volume DDoS attack that takes advantage of the execution dependencies of microservice applications. Grunt Attack utilizes legitimate HTTP requests to accurately profile the internal pairwise dependencies of all supported execution paths in the target system. By grouping and characterizing all the execution paths based on their pairwise dependencies, the Grunt attacker can target only a few execution paths to launch a low-volume DDoS attack that achieves large performance damage to the entire system. To increase the attack stealthiness, the Grunt attacker avoids creating a persistent bottleneck by alternating the target execution paths within their dependency group. We validate the effectiveness of Grunt attack through experiments of open-source microservices benchmark applications on real clouds (e.g., EC2, Azure) equipped with state-of-the-art IDS/IPS systems and live attack scenarios. Our results show that Grunt attack consumes less than 20% additional CPU resource of the target system while increasing its average response time by over 10x.

AB - Loosely-coupled and lightweight microservices running in containers are likely to form complex execution dependencies inside the system. The execution dependency arises when two execution paths partially share component microservices, resulting in potential runtime blocking effects. In this paper, we present Grunt Attack - a novel low-volume DDoS attack that takes advantage of the execution dependencies of microservice applications. Grunt Attack utilizes legitimate HTTP requests to accurately profile the internal pairwise dependencies of all supported execution paths in the target system. By grouping and characterizing all the execution paths based on their pairwise dependencies, the Grunt attacker can target only a few execution paths to launch a low-volume DDoS attack that achieves large performance damage to the entire system. To increase the attack stealthiness, the Grunt attacker avoids creating a persistent bottleneck by alternating the target execution paths within their dependency group. We validate the effectiveness of Grunt attack through experiments of open-source microservices benchmark applications on real clouds (e.g., EC2, Azure) equipped with state-of-the-art IDS/IPS systems and live attack scenarios. Our results show that Grunt attack consumes less than 20% additional CPU resource of the target system while increasing its average response time by over 10x.

KW - DDoS attack

KW - Microservices

KW - SLA violations

UR - http://www.scopus.com/inward/record.url?scp=85203827671&partnerID=8YFLogxK

U2 - 10.1109/DSN58291.2024.00025

DO - 10.1109/DSN58291.2024.00025

M3 - Conference contribution

AN - SCOPUS:85203827671

T3 - Proceedings - 2024 54th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2024

SP - 115

EP - 128

BT - Proceedings - 2024 54th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2024

PB - Institute of Electrical and Electronics Engineers Inc.

Y2 - 24 June 2024 through 27 June 2024

ER -

Gu X, Wang Q, Liu J, Wei J. Grunt Attack: Exploiting Execution Dependencies in Microservices. In Proceedings - 2024 54th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2024. Institute of Electrical and Electronics Engineers Inc. 2024. p. 115-128. (Proceedings - 2024 54th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2024). doi: 10.1109/DSN58291.2024.00025

Grunt Attack: Exploiting Execution Dependencies in Microservices

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this