Analysis of Monolithic and Microservice Architectures Using Client-Side Inference and Statistical Modeling: A Case Study Approach
Subject Areas : Computer Engineeringhamidreza naseri 1 * , Hoda Avazzadeh 2 , Mehdi Ghasemi 3
1 - Faculty Member, Department of Computer Engineering, Bandar Abbas Branch, Islamic Azad University, Bandar Abbas, Iran
2 - دانشکده فنی و مهندسی ، دانشگاه ازاد بندرعباس، ایران
3 - ministery of educational system Hormozgan, Iran
Keywords: Client-Side Threat Analysis , Microservices Security, System Architecture Inference ,
Abstract :
In the evolving context of web-based system deployment, software architectural design—monolithic or microservice—is the deciding factor for its security posture. This paper presents a novel client-side solution for system architecture inference and evaluation of performance-related threats through browser-level resource monitoring and Gaussian Mixture Model (GMM) clustering of response times. By analyzing actual systems such as Digikala and Jonoob Iran, the work discovers unequivocal signs of architecture: high domain heterogeneity and modular latency clusters in microservices, and centralized domain usage with persistent latency in monolithic systems. The work not only confirms theoretical differences but also presents a lightweight, non-intrusive diagnostics infrastructure for architecturally classifying systems and detecting anomalies, with broad red teaming, DevOps monitoring, and security auditing implications. The approach enhances theoretical as well as practical solutions to architecture-sensitive threat analysis in access-controlled environments.
1. Dragoni, N., Giallorenzo, S., Lafuente, A. L., Mazzara, M., Montesi, F., Mustafin, R., & Safina, L. (2017). Microservices: Yesterday, today, and tomorrow. Present Ulterior Software Engineering, 195–216. https://doi.org/10.1007/978-3-319-67425-4_12
2. Almeida, W. H. C., de Aguiar Monteiro, L., Hazin, R. R., de Lima, A. C., & Ferraz, F. S. (2017). Survey on microservice architecture - security, privacy and standardization on cloud computing environment. ICSEA, 302–307.
3. Pereira-Vale, A., Fernandez, E. B., Monge, R., Astudillo, H., & Marquez, G. (2021). Security in microservice-based systems: A multivocal literature review. Computer Science Review, 40, 100400. https://doi.org/10.1016/j.cosrev.2021.100400
4. Alshuqayran, N., Ali, N., & Evans, R. (2018). Towards microservice architecture recovery: An empirical study. In 2018 IEEE International Conference on Software Architecture (ICSA) (pp. 47–56). https://doi.org/10.1109/ICSA.2018.00013
5. Pereira-Vale, A., Marquez, G., Astudillo, H., & Fernandez, E. B. (2019). Security mechanisms used in microservices-based systems: A systematic mapping. In 2019 Latin American Computing Conference (CLEI) (pp. 1–10). https://doi.org/10.1109/CLEI47609.2019.235088
6. Nehme, A., Jesus, V., Mahbub, K., & Abdallah, A. (2019). Fine-grained access control for microservices. In Foundations and Practice of Security (pp. 193–208). https://doi.org/10.1007/978-3-030-29959-0_10
7. Yu, D., Jin, Y., Zhang, Y., & Zheng, X. (2018). A survey on security issues in services communication of microservices-enabled fog applications. Concurrency and Computation: Practice and Experience.
8. Li, X., Chen, Y., & Lin, Z. (2019). Towards automated inter-service authorization for microservice applications. In Proceedings of the ACM SIGCOMM 2019 Conference Posters and Demos.
9. Zaheer, Z., Chang, H., Mukherjee, S., & Van der Merwe, J. (2019). EzTrust: Network-independent zero-trust perimeterization for microservices. In Proceedings of the ACM Symposium on SDN Research (pp. 25–36). https://doi.org/10.1145/3314148.3314357
10. Kocher, P., Horn, J., Fogh, A., Genkin, D., Gruss, D., Haas, W., Hamburg, M., Lipp, M., Mangard, S., Prescher, T., Schwarz, M., & Yarom, Y. (2019). Spectre attacks: Exploiting speculative execution. In 2019 IEEE Symposium on Security and Privacy (SP) (pp. 1–19). https://doi.org/10.1109/SP.2019.00002
11. Lipp, M., Schwarz, M., Gruss, D., Prescher, T., Haas, W., Fogh, A., Horn, J., Mangard, S., Kocher, P., Genkin, D., Yarom, Y., & Hamburg, M. (2018). Meltdown: Reading kernel memory from user space. In USENIX Security Symposium (pp. 973–990). https://www.usenix.org/conference/usenixsecurity18/presentation/lipp
12. Hannousse, A., & Yahiouche, S. (2020). Securing microservices and microservice architectures: A systematic mapping study. Computer Science Review, 38, 100303. https://doi.org/10.1016/j.cosrev.2020.100303
13. Banati, A., Kail, E., Karoczkai, K., & Kozlovszky, M. (2018). Authentication and authorization orchestrator for microservice-based software architectures. In 2018 41st International Convention on Information and Communication Technology, Electronics and Microelectronics (MIPRO) (pp. 1204–1209). https://doi.org/10.23919/MIPRO.2018.8400160
14. Granchelli, G., Cardarelli, M., Di Francesco, P., Malavolta, I., Iovino, L., & Salle, D. (2017). Microart: A software architecture recovery tool for maintaining microservice-based systems. In 2017 IEEE International Conference on Software Architecture Workshops (ICSAW).
15. Ahmadvand, M., & Ibrahim, A. (2016). Requirements reconciliation for scalable and secure microservice (de)composition. In 2016 IEEE 24th International Requirements Engineering Conference Workshops (REW).
16. Ravichandiran, R., Bannazadeh, H., & Leon-Garcia, A. (2018). Anomaly detection using resource behaviour analysis for autoscaling systems. In Proceedings of the 4th IEEE Conference on Network Softwarization and Workshops (NetSoft).
17. Sun, Y., Nanda, S., & Jaeger, T. (2015). Security-as-a-service for microservices-based cloud applications. In 2015 IEEE 7th International Conference on Cloud Computing Technology and Science (CloudCom).
18. Pahl, M.-O., & Donini, L. (2018). Securing IoT microservices with certificates. In NOMS 2018 - 2018 IEEE/IFIP Network Operations and Management Symposium.
19. Pahl, M.-O., & Aubet, F.-X. (2018). All eyes on you: Distributed multi-dimensional IoT microservice anomaly detection. In 2018 14th International Conference on Network and Service Management (CNSM).
20. Sheridan, E. (2019). Microservices security: It gets worse before it gets better. WhiteHat Security. https://www.whitehatsec.com/blog/microservices-security/
21. Backes, M., Dürmuth, M., Gerling, S., Pinkal, M., & Sporleder, C. (2010). Acoustic side-channel attacks on printers. In USENIX Security Symposium (pp. 307–322). https://www.usenix.org/legacy/events/sec10/tech/full_papers/Backes.pdf
22. Ahmadvand, M., & Pretschner, A. (2018). Integrity protection against insiders in microservice-based infrastructures: From threats to a security framework. In Software Technologies: Applications and Foundations (pp. 19–34). https://doi.org/10.1007/978-3-030-04771-9_2