Kubernetes Autoscaling: YoYo Attack Vulnerability and Mitigation
@inproceedings{David2021KubernetesAY,
title={Kubernetes Autoscaling: YoYo Attack Vulnerability and Mitigation},
author={Ronen Ben David and Anat Bremler Barr},
booktitle={CLOSER},
year={2021}
}: In recent years, we have witnessed a new kind of DDoS attack, the burst attack(Chai, 2013; Dahan, 2018), where the attacker launches periodic bursts of traffic overload on online targets. Recent work presents a new kind of Burst attack, the YoYo attack (Bremler-Barr et al., 2017) that operates against the auto-scaling mechanism of VMs in the cloud. The periodic bursts of traffic loads cause the auto-scaling mechanism to oscillate between scale-up and scale-down phases. The auto-scaling…
Figures and Tables from this paper
One Citation
Uma análise das vulnerabilidades de segurança do Kubernetes
- Anais da XIX Escola Regional de Redes de Computadores (ERRC 2021)
- 2021
Os orquestradores de contêineres vêm ganhando mais utilizadores a cada ano, sendo utilizado nas infraestrutura de pequenas e grandes empresas. Atualmente, o Kubernetes é o orquestrador mais utilizado…
References
SHOWING 1-10 OF 29 REFERENCES
XGBoost: A Scalable Tree Boosting System
- Computer ScienceKDD
- 2016
This paper proposes a novel sparsity-aware algorithm for sparse data and weighted quantile sketch for approximate tree learning and provides insights on cache access patterns, data compression and sharding to build a scalable tree boosting system called XGBoost.
DDoS attack on cloud auto-scaling mechanisms
- Computer ScienceIEEE INFOCOM 2017 - IEEE Conference on Computer Communications
- 2017
The Yo-Yo attack is a new attack against the auto-scaling mechanism that can cause significant performance degradation in addition to economic damage and is harder to detect and requires less resources from the attacker compared to traditional DDoS.
A Comparative Approach to Mitigate Economic Denial of Sustainability (EDoS) in a Cloud Environment
- Computer Science2019 4th International Conference on Information Systems and Computer Networks (ISCON)
- 2019
This paper proposed a new approach that uses Artificial Neural Network along with Genetic Algorithm that that classify the cloud server consumer and may lessen the EDoS attacks in the cloud environment.
Detection of DDoS Attack on SDN Control plane using Hybrid Machine Learning Techniques
- Computer Science2018 International Conference on Smart Systems and Inventive Technology (ICSSIT)
- 2018
This paper has proposed the hybrid machine learning model to protect the controller from DDoS attacks and experimental results clearly manifest that the hybridmachine learning model provides more accuracy, detection rate and less false alarm rate compared to simple machine learning models.
EDoS-ADS: An Enhanced Mitigation Technique Against Economic Denial of Sustainability (EDoS) Attacks
- Computer ScienceIEEE Transactions on Cloud Computing
- 2020
EDoS-ADS is the first known technique that effectively prevents an EDoS attack from blocking an entire NAT-based network from accessing the cloud, and successfully differentiates between legitimate and attacker clients even when they belong to the same NAT- based network.
Anomaly Detection using Resource Behaviour Analysis for Autoscaling systems
- Computer Science2018 4th IEEE Conference on Network Softwarization and Workshops (NetSoft)
- 2018
An anomaly detection mechanism using resource behaviour analysis to prevent economic denial of sustainability (eDoS) and wastage of resources, and concludes that the models can accurately detect anomalous behaviour for applications on the autoscaling platform.
XGBoost Classifier for DDoS Attack Detection and Analysis in SDN-Based Cloud
- Computer Science2018 IEEE International Conference on Big Data and Smart Computing (BigComp)
- 2018
The extreme gradient boosting (XGBoost), as detection method in SDN based cloud, is used and results validate that the method performs higher accuracy, lower false positive rate, fast-speed and has scalability.
Auto-Scaling of Containers: The Impact of Relative and Absolute Metrics
- Computer Science2017 IEEE 2nd International Workshops on Foundations and Applications of Self* Systems (FAS*W)
- 2017
This paper proposes and evaluates the performance of a new autoscaling algorithm that could reduce the response time of a factor between 0.66 and 0.5 compared to the actual Kubernetes' horizontal auto-scaling algorithm.
Mitigating Economic Denial of Sustainability (EDoS) in Cloud Computing Using In-cloud Scrubber Service
- Computer Science2012 Fourth International Conference on Computational Intelligence and Communication Networks
- 2012
For cloud computing to remain attractive, the DDoS threat is to be addressed before it triggers the billing mechanism, which can be addressed by using reactive/on-demand in-cloud eDDoS mitigation service (scrubber Service) for mitigating the application-layer and network-layer DDOS attacks with the help of an efficient client-puzzle approach.
DDoS/EDoS attack in cloud: affecting everyone out there!
- Computer ScienceSIN
- 2015
It is argued that in a multi-tenant public cloud, multiple stakeholders are involved other than the victim server, and losses to these stakeholders should be properly accounted and there is a need to devise methods to isolate these components well.