Infrastructure as Mitigation: A Feasibility Study of Using Auto-Scaling Against DoS Attacks in a Microservices Environment
Abstract
Denial-of-service (DoS) attacks are becoming more frequent and sophisticated, and are now a major challenge that harms companies through financial loss and reputational damage. Furthermore, attack traffic is crafted to look like that of legitimate clients, which makes it difficult for detection and mitigation tools to do their job. This paper therefore proposes using the auto-scaling feature available in the Kubernetes platform to offer higher availability during a DoS attack. In experiments, clients experienced an increase in availability and a decrease in service time during attacks when the auto-scaling strategy was enabled.