Ataques DoS Mitigados por Autoscaling: Uma Abordagem Analítica Transiente para Avaliar Sistemas Multicamadas
Resumo
Ataques DoS (Denial of Service) ainda afetam sistemas de microserviços com múltiplas camadas, onde o congestionamento costuma aparecer primeiro na entrada do sistema. Para reduzir esse acúmulo, usa-se autoscaling para aumentar o paralelismo quando a ocupação cresce. Na prática, comparar configurações de autoscaling para preparação contra DoS é difícil porque os efeitos mais importantes aparecem ao longo do tempo (crescimento, pico e recuperação) e não apenas no regime estacionário. Este trabalho propõe uma abordagem analítica baseada em modelagem estocástica para estudar, de forma controlada e reprodutível, como parâmetros de autoscaling alteram a dinâmica temporal do congestionamento sob DoS. A avaliação foca na utilização da fila de entrada ao longo do tempo, permitindo observar pico, atraso até a reversão e tempo de retorno a níveis baixos.Referências
Bremler-Barr, A., Brosh, E., and Sides, M. (2017). Ddos attack on cloud auto-scaling mechanisms. In IEEE INFOCOM 2017-IEEE Conference on Computer Communications, pages 1–9. IEEE.
Bremler-Barr, A., Czeizler, M., Levy, H., and Tavori, J. (2024). Exploiting miscoordination of microservices in tandem for effective ddos attacks. In IEEE INFOCOM 2024-IEEE Conference on Computer Communications, pages 231–240. IEEE.
Corrêa, J. H. G., Junior, E. A. S., Fonseca, I. E., Nigam, V., Ribeiro, M. R., and Villaça, R. S. (2019). Selectivity and autoscaling as complementary defenses for ddos protection to cloud services. In 2019 IEEE 8th International Conference on Cloud Networking (CloudNet), pages 1–3. IEEE.
David, R. B. (2021). Kubernetes auto-scaling: Yoyo attack vulnerability and mitigation. Master’s thesis, Reichman University (Israel).
Eriksson, L., Johansson, E., Kettaneh-Wold, N., Wikström, C., and Wold, S. (2000). Design of experiments. Principles and Applications, Learn ways AB, Stockholm.
g1 (2025). Caixa atrasa sorteio da mega da virada e apostadores reclamam nas redes. Acesso em 3 jan. 2026.
Huang, K., Peng, G., and Mehmood, F. (2025). A mathematical model of a novel proportional control scheme for mitigating ddos attacks in tcp/aqm-npc networks. Computer Networks, page 111893.
Khan, I. U., Abdollahi, A., Alturki, R., Alshehri, M. D., Ikram, M. A., Alyamani, H. J., and Khan, S. (2021). Intelligent detection system enabled attack probability using markov chain in aerial networks. Wireless Communications and Mobile Computing, 2021(1):1542657.
Kumari, P. and Jain, A. K. (2024). Timely detection of ddos attacks in iot with dimensionality reduction. Cluster Computing, 27(6):7869–7887.
Maciel, P. R. M. (2023). Performance, reliability, and availability evaluation of computational systems, volume I: performance and background. Chapman and Hall/CRC.
Mura, I. (2015). Detailed state probability distribution of infinite servers queues with phase-type distributed service times. Revista Ontare, 3(1):29–54.
Mutar, M. H., El Fawal, A. H., Nasser, A., and Mansour, A. (2024). Predicting the impact of distributed denial of service (ddos) attacks in long-term evolution for machine (lte-m) networks using a continuous-time markov chain (ctmc) model. Electronics, 13(21):4145.
Poojara, S. R., Dehury, C. K., Jakovits, P., and Srirama, S. N. (2022). Serverless data pipeline approaches for iot data in fog and cloud computing. Future Generation Computer Systems, 130:91–105.
Santos, L., Nguyen, T. A., and Silva, F. A. (2024). Internet of medical things: a performability performance analysis. International Journal of Computer Applications in Technology, 75(1):35–47.
Silva, B., Matos, R., Callou, G., Figueiredo, J., Oliveira, D., Ferreira, J., Dantas, J., Lobo, A., Alves, V., and Maciel, P. (2015). Mercury: An integrated environment for performance and dependability evaluation of general systems. In Proceedings of industrial track at 45th dependable systems and networks conference, DSN, pages 1–4.
Wang, D., Chen, X., Wang, Q., Wang, S., Xu, F., and Zheng, T. (2022). Autoscaling cracker: an efficient asymmetric ddos attack on serverless functions. In GLOBECOM 2022-2022 IEEE Global Communications Conference, pages 4179–4184. IEEE.
Wei, W., Song, H., Wang, H., and Fan, X. (2017). Research and simulation of queue management algorithms in ad hoc networks under ddos attack. Ieee Access, 5:27810–27817.
Xie, L., Yuan, B., Yang, H., Hu, Z., Jiang, L., Zhang, L., and Cheng, X. (2024). Mrfm: A timely detection method for ddos attacks in iot with multidimensional reconstruction and function mapping. Computer standards & interfaces, 89:103829.
Bremler-Barr, A., Czeizler, M., Levy, H., and Tavori, J. (2024). Exploiting miscoordination of microservices in tandem for effective ddos attacks. In IEEE INFOCOM 2024-IEEE Conference on Computer Communications, pages 231–240. IEEE.
Corrêa, J. H. G., Junior, E. A. S., Fonseca, I. E., Nigam, V., Ribeiro, M. R., and Villaça, R. S. (2019). Selectivity and autoscaling as complementary defenses for ddos protection to cloud services. In 2019 IEEE 8th International Conference on Cloud Networking (CloudNet), pages 1–3. IEEE.
David, R. B. (2021). Kubernetes auto-scaling: Yoyo attack vulnerability and mitigation. Master’s thesis, Reichman University (Israel).
Eriksson, L., Johansson, E., Kettaneh-Wold, N., Wikström, C., and Wold, S. (2000). Design of experiments. Principles and Applications, Learn ways AB, Stockholm.
g1 (2025). Caixa atrasa sorteio da mega da virada e apostadores reclamam nas redes. Acesso em 3 jan. 2026.
Huang, K., Peng, G., and Mehmood, F. (2025). A mathematical model of a novel proportional control scheme for mitigating ddos attacks in tcp/aqm-npc networks. Computer Networks, page 111893.
Khan, I. U., Abdollahi, A., Alturki, R., Alshehri, M. D., Ikram, M. A., Alyamani, H. J., and Khan, S. (2021). Intelligent detection system enabled attack probability using markov chain in aerial networks. Wireless Communications and Mobile Computing, 2021(1):1542657.
Kumari, P. and Jain, A. K. (2024). Timely detection of ddos attacks in iot with dimensionality reduction. Cluster Computing, 27(6):7869–7887.
Maciel, P. R. M. (2023). Performance, reliability, and availability evaluation of computational systems, volume I: performance and background. Chapman and Hall/CRC.
Mura, I. (2015). Detailed state probability distribution of infinite servers queues with phase-type distributed service times. Revista Ontare, 3(1):29–54.
Mutar, M. H., El Fawal, A. H., Nasser, A., and Mansour, A. (2024). Predicting the impact of distributed denial of service (ddos) attacks in long-term evolution for machine (lte-m) networks using a continuous-time markov chain (ctmc) model. Electronics, 13(21):4145.
Poojara, S. R., Dehury, C. K., Jakovits, P., and Srirama, S. N. (2022). Serverless data pipeline approaches for iot data in fog and cloud computing. Future Generation Computer Systems, 130:91–105.
Santos, L., Nguyen, T. A., and Silva, F. A. (2024). Internet of medical things: a performability performance analysis. International Journal of Computer Applications in Technology, 75(1):35–47.
Silva, B., Matos, R., Callou, G., Figueiredo, J., Oliveira, D., Ferreira, J., Dantas, J., Lobo, A., Alves, V., and Maciel, P. (2015). Mercury: An integrated environment for performance and dependability evaluation of general systems. In Proceedings of industrial track at 45th dependable systems and networks conference, DSN, pages 1–4.
Wang, D., Chen, X., Wang, Q., Wang, S., Xu, F., and Zheng, T. (2022). Autoscaling cracker: an efficient asymmetric ddos attack on serverless functions. In GLOBECOM 2022-2022 IEEE Global Communications Conference, pages 4179–4184. IEEE.
Wei, W., Song, H., Wang, H., and Fan, X. (2017). Research and simulation of queue management algorithms in ad hoc networks under ddos attack. Ieee Access, 5:27810–27817.
Xie, L., Yuan, B., Yang, H., Hu, Z., Jiang, L., Zhang, L., and Cheng, X. (2024). Mrfm: A timely detection method for ddos attacks in iot with multidimensional reconstruction and function mapping. Computer standards & interfaces, 89:103829.
Publicado
25/05/2026
Como Citar
SILVA, Francisco Airton; FÉ, Iure; FEITOSA, Leonel; REGO, Paulo; NOGUEIRA, Bruno.
Ataques DoS Mitigados por Autoscaling: Uma Abordagem Analítica Transiente para Avaliar Sistemas Multicamadas. In: SIMPÓSIO BRASILEIRO DE REDES DE COMPUTADORES E SISTEMAS DISTRIBUÍDOS (SBRC), 44. , 2026, Praia do Forte/BA.
Anais [...].
Porto Alegre: Sociedade Brasileira de Computação,
2026
.
p. 309-322.
ISSN 2177-9384.
DOI: https://doi.org/10.5753/sbrc.2026.19312.
