On Some Approaches to Intelligent Counteracting Cyberattacks Within Microservice Architecture

2025, pp. 61–70
National University of Kyiv-Mohyla Academy, Department of Multimedia Systems, Ukraine

An approach to counteracting cyberattacks within a microservice architecture, based on state machines, is suggested. It focuses on intelligent analysis of actual and possible intrusions. The approach is devised for applications with a microservice architecture deployed on the Kubernetes platform. For the purposes of the study, a dedicated dataset has been developed: we reproduced selected common vulnerabilities and exposures reported in 2024 and collected the network traffic of intrusion attacks based on them. The dataset focuses on intrusion attacks targeting software systems deployed in Kubernetes. It contains not only network data captured during the attacks but also scripts to reproduce each of the studied attacks, which is particularly helpful for developing and testing intrusion response systems.
