ERINYES: Request-Level Provenance Analysis for Serverless Attacks

Xi, Hao
Wan, Hai
Zhao, Xibin
Guizani, Mohsen
Department
Machine Learning
Type
Journal article
Date
2025
Language
English
Abstract
The serverless architecture has attracted significant attention due to its cost-effectiveness and ease of management. However, the serverless framework increases the attack surface of applications, resulting in frequent security incidents. Consequently, conducting comprehensive attack investigation and analysis in serverless applications has become critically important. Current serverless investigation methods face challenges such as dependency explosion (DE), incomplete information records, and lack of user transparency. These challenges lead to inadequate visibility of application interaction behaviors, complicating effective attack investigation and analysis. To mitigate these issues, this paper introduces Erinyes, a solution that facilitates request-level attack investigation and analysis in serverless environments through the construction of a provenance graph. Erinyes improves the visibility of serverless applications via three core components. The partition enabling module effectively partitions function operations based on incoming requests; the log collection module is responsible for aggregating audit and network logs pertinent to function operations; and the provenance graph builder consolidates and parses the collected logs into a comprehensive provenance graph. Erinyes has been evaluated on the OpenFaaS platform in 5 distinct attack scenarios, achieving an average accuracy of 99.6% in execution partition, a completeness of 100% in the provenance graph, and an average runtime overhead of 7.05%.
Citation
H. Xi, H. Wan, X. Zhao and M. Guizani, "ERINYES: Request-Level Provenance Analysis for Serverless Attacks," in IEEE Transactions on Dependable and Secure Computing, doi: 10.1109/TDSC.2025.3628339
Source
IEEE Transactions on Dependable and Secure Computing, 2025
Keywords
Attack Investigation, Serverless, Provenance Graph
Publisher
IEEE