Research field: Software Development
Venue: Cluster Computing
DDoS attacks target the victim’s service availability. In this paper, we propose a multi-level DDoS defense mechanism that combines two approaches: bandwidth limitation and resource isolation. We consider requests coming from the same source IP that exceed a threshold value as suspicious and treat other requests as genuine. To achieve this goal, we serve suspicious and legitimate user requests in separate containers. We also apply the bandwidth limitation to incoming traffic from containers that serve suspicious requests, ensuring that the victim container does not create a resource contention problem. We chose three different strategies to test our proposed mechanisms: the 50-25-75 strategy, the 100-50-150 strategy, and the 150-75-225 strategy. The experimental results demonstrate that the proposed approach, when subjected to DDoS attacks, reduces the failure rate of genuine requests and maintains response times that are comparable to those under normal network conditions. When there is a DDoS attack, the proposed defense system can make the target service available 87% of the time with the 50-25-75 strategy, 70% of the time with the 100-50-150 strategy, and 85% of the time with the 150-75-225 strategy, in contrast to a single-level DDoS defense system.
| Publication year | 2025 |
|---|---|
| Citations | 0 |
| Country of publication | Andorra |
| Site | Springer |