Kubernetes Autoscaling: YoYo Attack Vulnerability and Mitigation

Ronen Ben David and Anat Bremler Barr

In recent years, we have witnessed a new kind of DDoS attack, the burst attack (Chai, 2013; Dahan, 2018), where the attacker launches periodic bursts of traffic overload on online targets. Recent work presents a new kind of burst attack, the YoYo attack (Bremler-Barr et al., 2017), that operates against the auto-scaling mechanism of VMs in the cloud. The periodic bursts of traffic loads cause the auto-scaling mechanism to oscillate between scale-up and scale-down phases. The auto-scaling…

Uma análise das vulnerabilidades de segurança do Kubernetes (An analysis of Kubernetes security vulnerabilities)
Container orchestrators have been gaining more users every year and are used in the infrastructure of small and large companies. Currently, Kubernetes is the most widely used orchestrator


XGBoost: A Scalable Tree Boosting System
This paper proposes a novel sparsity-aware algorithm for sparse data and weighted quantile sketch for approximate tree learning and provides insights on cache access patterns, data compression and sharding to build a scalable tree boosting system called XGBoost.
DDoS attack on cloud auto-scaling mechanisms
The Yo-Yo attack is a new attack against the auto-scaling mechanism that can cause significant performance degradation in addition to economic damage; it is harder to detect and requires fewer resources from the attacker than traditional DDoS.
A Comparative Approach to Mitigate Economic Denial of Sustainability (EDoS) in a Cloud Environment
  • Swati Nautiyal, Shruti Wadhwa
  • Computer Science
  • 2019 4th International Conference on Information Systems and Computer Networks (ISCON)
  • 2019
This paper proposed a new approach that uses an Artificial Neural Network along with a Genetic Algorithm to classify cloud server consumers and may lessen EDoS attacks in the cloud environment.
Detection of DDoS Attack on SDN Control plane using Hybrid Machine Learning Techniques
This paper proposes a hybrid machine learning model to protect the controller from DDoS attacks, and experimental results show that the hybrid machine learning model provides higher accuracy, a higher detection rate and a lower false alarm rate than simple machine learning models.
EDoS-ADS: An Enhanced Mitigation Technique Against Economic Denial of Sustainability (EDoS) Attacks
EDoS-ADS is the first known technique that effectively prevents an EDoS attack from blocking an entire NAT-based network from accessing the cloud, and successfully differentiates between legitimate and attacker clients even when they belong to the same NAT-based network.
Anomaly Detection using Resource Behaviour Analysis for Autoscaling systems
Presents an anomaly detection mechanism using resource behaviour analysis to prevent economic denial of sustainability (eDoS) and wastage of resources, and concludes that the models can accurately detect anomalous behaviour for applications on the autoscaling platform.
XGBoost Classifier for DDoS Attack Detection and Analysis in SDN-Based Cloud
Extreme gradient boosting (XGBoost) is used as the detection method in an SDN-based cloud, and results validate that the method achieves higher accuracy, a lower false positive rate and fast speed, and is scalable.
Auto-Scaling of Containers: The Impact of Relative and Absolute Metrics
This paper proposes and evaluates the performance of a new autoscaling algorithm that could reduce the response time by a factor between 0.66 and 0.5 compared to the actual Kubernetes horizontal auto-scaling algorithm.
Mitigating Economic Denial of Sustainability (EDoS) in Cloud Computing Using In-cloud Scrubber Service
For cloud computing to remain attractive, the DDoS threat must be addressed before it triggers the billing mechanism, which can be done using a reactive/on-demand in-cloud eDDoS mitigation service (scrubber service) that mitigates application-layer and network-layer DDoS attacks with the help of an efficient client-puzzle approach.
DDoS/EDoS attack in cloud: affecting everyone out there!
It is argued that in a multi-tenant public cloud, multiple stakeholders other than the victim server are involved, that losses to these stakeholders should be properly accounted for, and that there is a need to devise methods to isolate these components well.