Detection of Denial of Service Attack in Cloud Based Kubernetes Using eBPF
-
Published:2023-04-07
Issue:8
Volume:13
Page:4700
-
ISSN:2076-3417
-
Container-title:Applied Sciences
-
language:en
-
Short-container-title:Applied Sciences
Author:
Sadiq Amin1, Syed Hassan Jamil12ORCID, Ansari Asad Ahmed1, Ibrahim Ashraf Osman2ORCID, Alohaly Manar3ORCID, Elsadig Muna3ORCID
Affiliation:
1. Department of Computer Science, National University Computer and Emerging Sciences, Karachi 75030, Pakistan 2. Faculty of Computing and Informatics, Universiti Malaysia Sabah, Kota Kinabalu 88400, Malaysia 3. Department of Information Systems, College of Computer and Information Sciences, Princess Nourah bint Abdulrahman University, P.O. Box 84428, Riyadh 11671, Saudi Arabia
Abstract
Kubernetes is an orchestration tool that runs and manages container-based workloads. It works as a collection of different virtual or physical servers that support multiple storage capacities, provide network functionalities, and keep all containerized applications active in a desired state. It also provides an increasing fleet of different facilities, known as microservices. However, Kubernetes’ scalability has led to a complex network structure with an increased attack vector. Attackers can launch a Denial of service (DoS) attack against servers/machines in Kubernetes by producing fake traffic load, for instance. DoS or Distributed Denial of service (DDoS) attacks are malicious attempts to disrupt a targeted service by flooding the target’s service with network packets. Constant observation of the network traffic is extremely important for the early detection of such attacks. Extended Berkeley Packet Filter (eBPF) and eXpress Datapath (XDP) are advanced technologies in the Linux kernel that perform high-speed packet processing. In the case of Kubernetes, eBPF and XDP can be used to protect against DDoS attacks by enabling fast and efficient network security policies. For example, XDP can be used to filter out traffic that is not authorized to access the Kubernetes cluster, while eBPF can be used to monitor network traffic for signs of DDoS attacks, such as excessive traffic from a single source. In this research, we utilize eBPF and XDP to build a detection and observation mechanism to filter out malicious content and mitigate a Denial of Service attack on Kubernetes.
Funder
Princess Nourah bint Abdulrahman University
Subject
Fluid Flow and Transfer Processes,Computer Science Applications,Process Chemistry and Technology,General Engineering,Instrumentation,General Materials Science
Reference21 articles.
1. McCanne, S., and Jacobson, V. (1993, January 25–29). The BSD Packet Filter: A New Architecture for User-Level Packet Capture. Proceedings of the USENIX Winter, San Diego, CA, USA. 2. Fast packet processing with eBPF and XDP: Concepts, code, challenges, and applications;Vieira;ACM Comput. Surv. CSUR,2020 3. Scholz, D., Raumer, D., Emmerich, P., Kurtz, A., Lesiak, K., and Carle, G. (2018, January 3–7). Performance implications of packet filtering with Linux eBPF. Proceedings of the 2018 30th International Teletraffic Congress (ITC 30), Vienna, Austria. 4. Nelson, L., Van Geffen, J., Torlak, E., and Wang, X. (2020, January 4–6). Specification and verification in the field: Applying formal methods to {BPF} just-in-time compilers in the Linux kernel. Proceedings of the 14th USENIX Symposium on Operating Systems Design and Implementation (OSDI 20), Virtual Conference. 5. Containers and cloud: From LXC to docker to Kubernetes;Bernstein;IEEE Cloud Comput.,2014
Cited by
1 articles.
订阅此论文施引文献
订阅此论文施引文献,注册后可以免费订阅5篇论文的施引文献,订阅后可以查看论文全部施引文献
|
|