Infraestrutura como Mitigação: Um Estudo de Viabilidade do Uso do Auto-Scaling Contra Ataques de DoS em Ambiente de Microsserviços
Resumo
Os ataques de negação de serviço - Denial-of-Service (DoS) estão mais frequentes e sofisticados, tornando-se um grande desafio da atualidade, impactando negativamente as empresas, causando prejuízo financeiro e danos à reputação. Além disso, esses ataques são gerados visando assemelhar-se a clientes legítimos, dificultando a ação das ferramentas de detecção/mitigação. Portanto, este artigo propõe o uso da funcionalidade de dimensionamento automático, disponível na plataforma Kubernetes, para oferecer uma maior disponibilidade durante um ataque DoS. Verificou-se, durante a realização de experimentos, que os clientes tiveram um aumento da disponibilidade e uma diminuição do tempo de serviço quando a estratégia de dimensionamento automático estava ativada, durante os ataques.
Referências
Almaraz-Rivera, J. G. (2023). An anomaly-based detection system for monitoring kubernetes infrastructures. IEEE Latin America Transactions, 21(3):457–465. Acesso em: 4 jan. 2024.
Balla, D., Simon, C., and Maliosz, M. (2020). Adaptive scaling of kubernetes pods. In NOMS 2020 - 2020 IEEE/IFIP Network Operations and Management Symposium, pages 1–5.
Beigi-Mohammadi, N., Barna, C., Shtern, M., Khazaei, H., and Litoiu, M. (2016). Caamp: Completely automated ddos attack mitigation platform in hybrid clouds. In 2016 12th International Conference on Network and Service Management (CNSM), pages 136–143.
Beigi-Mohammadi, N., Shtern, M., and Litoiu, M. (2020). Adaptive load management of web applications on software defined infrastructure. IEEE Transactions on Network and Service Management, 17(1):488–502.
Cloudflare (2020). O que é um ataque de negação de serviço (dos)? [link]. Acessado em 21 de junho de 2023.
Cloudflare (2023). Ddos threat report for 2023 q4. [link]. Acessado em 10 de janeiro de 2024.
Corrêa, J. H., Ciarelli, P. M., Ribeiro, M. R., and Villaça, R. S. (2021). Ml-based ddos detection and identification using native cloud telemetry macroscopic monitoring. Journal of Network and Systems Management, 29:1–28.
Corrêa, J. H. G. M., Sousa Junior, E. A., Fonseca, I. E., Nigam, V., Ribeiro, M. R. N., and Villaça, R. S. (2019). Selectivity and autoscaling as complementary defenses for ddos protection to cloud services. In 2019 IEEE 8th International Conference on Cloud Networking (CloudNet), pages 1–3.
Dewi, L. P., Noertjahyana, A., Palit, H. N., and Yedutun, K. (2019). Server scalability using kubernetes. In 2019 4th technology innovation management and engineering science international conference (TIMES-iCON), pages 1–4. IEEE.
He, Z. (2020). Novel container cloud elastic scaling strategy based on kubernetes. In 2020 IEEE 5th information technology and mechatronics engineering conference (ITOEC), pages 1400–1404. IEEE.
Laigner, R., Zhou, Y., Salles, M. A. V., Liu, Y., and Kalinowski, M. (2021). Data management in microservices: State of the practice, challenges, and research directions. arXiv preprint arXiv:2103.00170.
Liu, G., Huang, B., Liang, Z., Qin, M., Zhou, H., and Li, Z. (2020). Microservices: architecture, container, and challenges. In 2020 IEEE 20th International Conference on Software Quality, Reliability and Security Companion (QRS-C), pages 629–635.
Microsoft (2022). Azure ddos protection—2021 q3 and q4 ddos attack trends. [link]. Acessado em 10 de janeiro de 2024.
Perveez, S. H. (2020). Understanding kubernetes architecture and its use cases. [link]. Acessado em 2023-05-29.
Prometheus (2015). Overview. [link]. Acessado: 21-06-2023.
Radware (2022). Radware-2022-global-threat-analysis-report. [link]. Acessado em 10 de janeiro de 2024.
Shah, J. and Dubaria, D. (2019). Building modern clouds: Using docker, kubernetes google cloud platform. In 2019 IEEE 9th Annual Computing and Communication Workshop and Conference (CCWC), pages 0184–0189.
Shim, S., Dhokariya, A., Doshi, D., Upadhye, S., Patwari, V., and Park, J.-Y. (2023). Predictive auto-scaler for kubernetes cloud. In 2023 IEEE International Systems Conference (SysCon), pages 1–8.
Tran, M.-N., Vu, D.-D., and Kim, Y. (2022). A survey of autoscaling in kubernetes. In 2022 Thirteenth International Conference on Ubiquitous and Future Networks (ICUFN), pages 263–265. IEEE.
Wong, A. Y., Chekole, E. G., Ochoa, M., and Zhou, J. (2023). On the security of containers: Threat modeling, attack analysis, and mitigation strategies. Computers Security, 128:103140.
Zargar, S. T., Joshi, J., and Tipper, D. (2013). A survey of defense mechanisms against distributed denial of service (DDoS) flooding attacks. IEEE Communications Surveys and Tutorials, 15(4):2046–2069.
Zhao, H., Lim, H., Hanif, M., and Lee, C. (2019). Predictive container auto-scaling for cloud-native applications. In 2019 International Conference on Information and Communication Technology Convergence (ICTC), pages 1280–1282. IEEE.
Balla, D., Simon, C., and Maliosz, M. (2020). Adaptive scaling of kubernetes pods. In NOMS 2020 - 2020 IEEE/IFIP Network Operations and Management Symposium, pages 1–5.
Beigi-Mohammadi, N., Barna, C., Shtern, M., Khazaei, H., and Litoiu, M. (2016). Caamp: Completely automated ddos attack mitigation platform in hybrid clouds. In 2016 12th International Conference on Network and Service Management (CNSM), pages 136–143.
Beigi-Mohammadi, N., Shtern, M., and Litoiu, M. (2020). Adaptive load management of web applications on software defined infrastructure. IEEE Transactions on Network and Service Management, 17(1):488–502.
Cloudflare (2020). O que é um ataque de negação de serviço (dos)? [link]. Acessado em 21 de junho de 2023.
Cloudflare (2023). Ddos threat report for 2023 q4. [link]. Acessado em 10 de janeiro de 2024.
Corrêa, J. H., Ciarelli, P. M., Ribeiro, M. R., and Villaça, R. S. (2021). Ml-based ddos detection and identification using native cloud telemetry macroscopic monitoring. Journal of Network and Systems Management, 29:1–28.
Corrêa, J. H. G. M., Sousa Junior, E. A., Fonseca, I. E., Nigam, V., Ribeiro, M. R. N., and Villaça, R. S. (2019). Selectivity and autoscaling as complementary defenses for ddos protection to cloud services. In 2019 IEEE 8th International Conference on Cloud Networking (CloudNet), pages 1–3.
Dewi, L. P., Noertjahyana, A., Palit, H. N., and Yedutun, K. (2019). Server scalability using kubernetes. In 2019 4th technology innovation management and engineering science international conference (TIMES-iCON), pages 1–4. IEEE.
He, Z. (2020). Novel container cloud elastic scaling strategy based on kubernetes. In 2020 IEEE 5th information technology and mechatronics engineering conference (ITOEC), pages 1400–1404. IEEE.
Laigner, R., Zhou, Y., Salles, M. A. V., Liu, Y., and Kalinowski, M. (2021). Data management in microservices: State of the practice, challenges, and research directions. arXiv preprint arXiv:2103.00170.
Liu, G., Huang, B., Liang, Z., Qin, M., Zhou, H., and Li, Z. (2020). Microservices: architecture, container, and challenges. In 2020 IEEE 20th International Conference on Software Quality, Reliability and Security Companion (QRS-C), pages 629–635.
Microsoft (2022). Azure ddos protection—2021 q3 and q4 ddos attack trends. [link]. Acessado em 10 de janeiro de 2024.
Perveez, S. H. (2020). Understanding kubernetes architecture and its use cases. [link]. Acessado em 2023-05-29.
Prometheus (2015). Overview. [link]. Acessado: 21-06-2023.
Radware (2022). Radware-2022-global-threat-analysis-report. [link]. Acessado em 10 de janeiro de 2024.
Shah, J. and Dubaria, D. (2019). Building modern clouds: Using docker, kubernetes google cloud platform. In 2019 IEEE 9th Annual Computing and Communication Workshop and Conference (CCWC), pages 0184–0189.
Shim, S., Dhokariya, A., Doshi, D., Upadhye, S., Patwari, V., and Park, J.-Y. (2023). Predictive auto-scaler for kubernetes cloud. In 2023 IEEE International Systems Conference (SysCon), pages 1–8.
Tran, M.-N., Vu, D.-D., and Kim, Y. (2022). A survey of autoscaling in kubernetes. In 2022 Thirteenth International Conference on Ubiquitous and Future Networks (ICUFN), pages 263–265. IEEE.
Wong, A. Y., Chekole, E. G., Ochoa, M., and Zhou, J. (2023). On the security of containers: Threat modeling, attack analysis, and mitigation strategies. Computers Security, 128:103140.
Zargar, S. T., Joshi, J., and Tipper, D. (2013). A survey of defense mechanisms against distributed denial of service (DDoS) flooding attacks. IEEE Communications Surveys and Tutorials, 15(4):2046–2069.
Zhao, H., Lim, H., Hanif, M., and Lee, C. (2019). Predictive container auto-scaling for cloud-native applications. In 2019 International Conference on Information and Communication Technology Convergence (ICTC), pages 1280–1282. IEEE.
Publicado
24/05/2024
Como Citar
CRUZ, Emanuel Ávila; ANDRADE, João Batista; CORRÊA, João Henrique.
Infraestrutura como Mitigação: Um Estudo de Viabilidade do Uso do Auto-Scaling Contra Ataques de DoS em Ambiente de Microsserviços. In: WORKSHOP DE TESTES E TOLERÂNCIA A FALHAS (WTF), 25. , 2024, Niterói/RJ.
Anais [...].
Porto Alegre: Sociedade Brasileira de Computação,
2024
.
p. 85-98.
ISSN 2595-2684.
DOI: https://doi.org/10.5753/wtf.2024.3311.
