{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,22]],"date-time":"2026-04-22T19:19:14Z","timestamp":1776885554100,"version":"3.51.2"},"reference-count":46,"publisher":"Oxford University Press (OUP)","issue":"1","license":[{"start":{"date-parts":[[2024,3,23]],"date-time":"2024-03-23T00:00:00Z","timestamp":1711152000000},"content-version":"vor","delay-in-days":82,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"DOI":"10.13039\/501100002081","name":"Irish Research Council","doi-asserted-by":"publisher","award":["GOIPG\/2021\/288"],"award-info":[{"award-number":["GOIPG\/2021\/288"]}],"id":[{"id":"10.13039\/501100002081","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2024,1,2]]},"abstract":"Abstract<\/jats:title>\n Serverless computing is an ever-growing programming paradigm being adopted by developers all over the world. Its highly scalable, automatic load balancing, and pay for what you use design is a powerful tool that can also greatly reduce operational costs. However, these advantages also leave serverless computing open to a unique threat, Denial-of-Wallet (DoW). It is the intentional targeting of serverless function endpoints with request traffic in order to artificially raise the usage bills for the application owner. A subset of these attacks are leeches. They perform DoW at a rate that could go undetected as it is not a sudden violent influx of requests. We devise a means of detecting such attacks by utilizing a novel approach of representing request traffic as heat maps and training an image classification algorithm to distinguish between normal and malicious traffic behaviour. Our classifier utilizes convolutional neural networks and achieves 97.98% accuracy. We then design a system for the implementation of this model that would allow application owners to monitor their traffic in real time for suspicious behaviour.<\/jats:p>","DOI":"10.1093\/cybsec\/tyae004","type":"journal-article","created":{"date-parts":[[2024,3,23]],"date-time":"2024-03-23T14:03:16Z","timestamp":1711202596000},"source":"Crossref","is-referenced-by-count":9,"title":["DoWNet\u2014classification of Denial-of-Wallet attacks on serverless application traffic"],"prefix":"10.1093","volume":"10","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-3116-6797","authenticated-orcid":false,"given":"Daniel","family":"Kelly","sequence":"first","affiliation":[{"name":"School of Computer Science, University of Galway , University Rd, H91TK33 Galway ,","place":["Ireland"]}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-3363-2090","authenticated-orcid":false,"given":"Frank G","family":"Glavin","sequence":"additional","affiliation":[{"name":"School of Computer Science, University of Galway , University Rd, H91TK33 Galway ,","place":["Ireland"]}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-9876-8717","authenticated-orcid":false,"given":"Enda","family":"Barrett","sequence":"additional","affiliation":[{"name":"School of Computer Science, University of Galway , University Rd, H91TK33 Galway ,","place":["Ireland"]}]}],"member":"286","published-online":{"date-parts":[[2024,3,23]]},"reference":[{"key":"2024121909141411100_bib1","article-title":"The Serverless Computing Market in 2022","author":"Ot","year":"2022"},{"key":"2024121909141411100_bib2","first-page":"102843","article-title":"Denial of wallet\u2014defining a looming threat to serverless computing","volume":"60","author":"Kelly","year":"2021","journal-title":"J Inf Sc"},{"key":"2024121909141411100_bib3","first-page":"2627","article-title":"Gringotts: fast and accurate internal Denial-of-Wallet detection for serverless computing","volume-title":"Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security, CCS \u201922","author":"Shen","year":"2022"},{"key":"2024121909141411100_bib4","article-title":"Serverless, shadow APIs and Denial of Wallet attacks","author":"Dooley","year":"2019"},{"key":"2024121909141411100_bib5","article-title":"Severe truth about serverless security and ways to mitigate major risks","author":"Sachenko","year":"2020"},{"key":"2024121909141411100_bib6","article-title":"Fantastic Serverless security risks, and where to find them","author":"Rahic","year":"2018"},{"key":"2024121909141411100_bib7","article-title":"The ten most critical security risks in serverless architecture","author":"Pursec","year":"2018"},{"key":"2024121909141411100_bib8","article-title":"OWASP Top 10 (2017) Interpretation for Serverless","author":"OWASP"},{"key":"2024121909141411100_bib9","article-title":"Security Overview of AWS Lambda","author":"AWS","year":"2021"},{"key":"2024121909141411100_bib10","article-title":"Serverless Applications Lens AWS Well-Architected. Framework","author":"AWS","year":"2019"},{"issue":"2","key":"2024121909141411100_bib11","first-page":"1","article-title":"DoWTS\u2013Denial-of-Wallet test simulator: synthetic data generation for preemptive defence","volume":"60","author":"Kelly","year":"2022","journal-title":"J Intell Inf Syst"},{"key":"2024121909141411100_bib12","article-title":"Not saying you should but we\u2019re told it\u2019s possible to land serverless app a \u2018$40K\/month bill using a 1,000-node botnet\u2019","author":"Claburn","year":"2021"},{"key":"2024121909141411100_bib13","first-page":"1","article-title":"Distributed Denial of Wallet attack on serverless pay-as-you-go model","volume-title":"2022 30th Telecommunications Forum (TELFOR)","author":"Mileski","year":"2022"},{"key":"2024121909141411100_bib14","first-page":"2627","article-title":"Gringotts: fast and accurate internal denial-of-wallet detection for serverless computing","volume-title":"Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security, CCS \u201922","author":"Shen","year":"2022"},{"key":"2024121909141411100_bib15","doi-asserted-by":"crossref","first-page":"939","DOI":"10.1145\/3366423.3380173","article-title":"Valve: securing function workflows on serverless computing platforms","volume-title":"Proceedings of The Web Conference 2020","author":"Datta","year":"2020"},{"key":"2024121909141411100_bib16","article-title":"OWASP API Security Project","author":"OWASP","year":"2019"},{"key":"2024121909141411100_bib17","doi-asserted-by":"crossref","first-page":"306","DOI":"10.1109\/Ubi-Media.2019.00067","article-title":"A scheme to create simulated test items for facilitating the assessment in web security subject","volume-title":"2019 Twelfth International Conference on Ubi-Media Computing (Ubi-Media)","author":"Su","year":"2019"},{"key":"2024121909141411100_bib18","first-page":"215","article-title":"An effective cybersecurity exercises platform CyExec and its training contents","volume":"10","author":"Maki","year":"2020","journal-title":"Int J Inform Educ Technol"},{"key":"2024121909141411100_bib19","doi-asserted-by":"crossref","first-page":"190","DOI":"10.1109\/IES53407.2021.9593934","article-title":"Development of vulnerable web application based on OWASP API security risks","volume-title":"2021 International Electronics Symposium (IES)","author":"Idris","year":"2021"},{"key":"2024121909141411100_bib20","article-title":"Image classification","author":"Wang","year":"2019"},{"key":"2024121909141411100_bib21","article-title":"Imagenet Large Scale Visual Recognition Challenge (ILSVRC)","author":"ImageNet"},{"key":"2024121909141411100_bib22","article-title":"Very deep convolutional networks for large-scale image recognition","author":"Simonyan","year":"4 2014"},{"key":"2024121909141411100_bib23","first-page":"770","article-title":"Deep residual learning for image recognition","volume-title":"Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition","author":"He","year":"2015"},{"key":"2024121909141411100_bib24","article-title":"SqueezeNet: AlexNet-level accuracy with 50x fewer parameters and <0.5 MB model size","author":"Iandola","year":"24 2016"},{"key":"2024121909141411100_bib25","doi-asserted-by":"crossref","first-page":"84","DOI":"10.1145\/3065386","article-title":"Imagenet classification with deep convolutional neural networks","volume":"60","author":"Krizhevsky","year":"2017","journal-title":"Commun ACM"},{"key":"2024121909141411100_bib26","first-page":"1251","article-title":"Xception: Deep learning with depthwise separable convolutions","volume-title":"Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition","author":"Chollet","year":"2016"},{"key":"2024121909141411100_bib27","first-page":"2818","article-title":"Rethinking the inception architecture for computer vision","volume-title":"Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition","author":"Szegedy","year":"2016"},{"key":"2024121909141411100_bib28","first-page":"4510","article-title":"Mobilenetv2: Inverted residuals and linear bottlenecks","volume-title":"Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition","author":"Sandler","year":"2018"},{"key":"2024121909141411100_bib29","article-title":"A deep learning based DDoS detection system in software-defined networking (SDN)","author":"Niyaz","year":"22 2016"},{"key":"2024121909141411100_bib30","doi-asserted-by":"crossref","first-page":"114","DOI":"10.1109\/CSCloud.2017.58","article-title":"Machine learning based DDoS attack detection from source side in cloud","volume-title":"2017 IEEE 4th International Conference on Cyber Security and Cloud Computing (CSCloud)","author":"He","year":"2017"},{"key":"2024121909141411100_bib31","doi-asserted-by":"crossref","first-page":"234","DOI":"10.1109\/ESCI48226.2020.9167642","article-title":"Machine learning based DDoS detection","volume-title":"2020 International Conference on Emerging Smart Computing and Informatics (ESCI)","author":"Priya","year":"2020"},{"key":"2024121909141411100_bib32","doi-asserted-by":"crossref","first-page":"53","DOI":"10.1007\/s10207-019-00453-y","article-title":"Feature dynamic deep learning approach for DDoS mitigation within the ISP domain","volume":"19","author":"Ko","year":"2020","journal-title":"Int J Inf Secur"},{"key":"2024121909141411100_bib33","article-title":"BoNeSi","author":"Markus-Go"},{"key":"2024121909141411100_bib34","doi-asserted-by":"crossref","DOI":"10.1145\/2016904.2016908","article-title":"Malware images: visualization and automatic classification","volume-title":"Proceedings of the 8th International Symposium on Visualization for Cyber Security. VizSec \u201911","author":"Nataraj","year":"2011"},{"key":"2024121909141411100_bib35","doi-asserted-by":"crossref","first-page":"4664","DOI":"10.1109\/BigData.2017.8258512","article-title":"Binary malware image classification using machine learning with local binary pattern","volume-title":"2017 IEEE International Conference on Big Data (Big Data)","author":"Luo","year":"2017"},{"key":"2024121909141411100_bib36","article-title":"Malnet: a large-scale cybersecurity image database of malicious software","author":"Freitas","year":"31 2021"},{"key":"2024121909141411100_bib37","doi-asserted-by":"crossref","first-page":"102007","DOI":"10.1109\/ACCESS.2020.2999320","article-title":"Msic: malware spectrogram image classification","volume":"8","author":"Azab","year":"2020","journal-title":"IEEE Access"},{"key":"2024121909141411100_bib38","doi-asserted-by":"crossref","first-page":"712","DOI":"10.1109\/ICOIN.2017.7899588","article-title":"Malware traffic classification using convolutional neural network for representation learning","volume-title":"2017 International Conference on Information Networking (ICOIN)","author":"Wang","year":"2017"},{"key":"2024121909141411100_bib39","first-page":"7","article-title":"Leveraging image representation of network traffic data and transfer learning in botnet detection","volume":"2","author":"Taheri","year":"2018","journal-title":"Big Data Cogn Comput"},{"key":"2024121909141411100_bib40","doi-asserted-by":"crossref","first-page":"100","DOI":"10.1016\/j.cose.2014.05.011","article-title":"An empirical comparison of botnet detection methods","volume":"45","author":"Garcia","year":"2014","journal-title":"Comput Sec"},{"key":"2024121909141411100_bib41","first-page":"96","article-title":"Analysis of machine learning techniques for lightweight DDoS attack detection on IoT Networks","volume-title":"International Conference on Forthcoming Networks and Sustainability in the IoT Era","author":"McCullough","year":"2020"},{"key":"2024121909141411100_bib42","doi-asserted-by":"crossref","first-page":"304","DOI":"10.1109\/CLOUD49709.2020.00050","article-title":"Serverless computing: behind the scenes of major platforms","volume-title":"2020 IEEE 13th International Conference on Cloud Computing (CLOUD)","author":"Kelly","year":"2020"},{"key":"2024121909141411100_bib43","article-title":"Keras documentation: Keras applications"},{"key":"2024121909141411100_bib44","article-title":"Wild Rydes","author":"AWS"},{"key":"2024121909141411100_bib45","article-title":"Building a location-based, scalable, serverless web app","author":"Beswick","year":"2020"},{"key":"2024121909141411100_bib46","article-title":"Single gramian angular field","author":"PYTS"}],"container-title":["Journal of Cybersecurity"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/academic.oup.com\/cybersecurity\/article-pdf\/10\/1\/tyae004\/61182484\/tyae004.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/academic.oup.com\/cybersecurity\/article-pdf\/10\/1\/tyae004\/61182484\/tyae004.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,12,19]],"date-time":"2024-12-19T09:14:40Z","timestamp":1734599680000},"score":1,"resource":{"primary":{"URL":"https:\/\/academic.oup.com\/cybersecurity\/article\/doi\/10.1093\/cybsec\/tyae004\/7634012"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,1,1]]},"references-count":46,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2024,1,2]]}},"URL":"https:\/\/doi.org\/10.1093\/cybsec\/tyae004","relation":{},"ISSN":["2057-2085","2057-2093"],"issn-type":[{"value":"2057-2085","type":"print"},{"value":"2057-2093","type":"electronic"}],"subject":[],"published-other":{"date-parts":[[2024,1,1]]},"published":{"date-parts":[[2024,1,1]]},"article-number":"tyae004"}}