Preserving Service Availability Under DDoS Attack in Micro-Service Based Cloud Infrastructure

Anmol Kumar, Mayank Agarwal

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

Abstract

Distributed denial of service (DDoS) attacks target the availability of the victim's services. DDoS attacks, being resource-consumption attacks, create heavy resource contention. In the state of the art, we found that resource isolation for legitimate users assisted in maintaining service availability even in the presence of DDoS attacks. As the networks are moving towards micro-service architecture, DDoS attack on these architecture can lead to disruption of services. In this work, we implement a micro-service architecture using container based environment. We use the threshold connection and micro-service architecture to preserve service availability under DDoS attack. The threshold connection will check for the active connection of distinct web pages, and micro-service architecture helps in serving those different requests on different containers. We classify those users whose number of requests is greater than the threshold connection as attacker and the rest of them as benign users. Also, we classify the target web page into two categories: high resource consumption web pages and low resource consumption web pages based on their resource consumption. We serve the requests for both pages in different containers. Our experimental results show that even in the presence of a massive DDoS attack, our proposed mechanism is able to preserve the availability of the target service. The proposed methodology leads to failure of only 8 benign requests as compared to 499 under state-of-the-art. It is imperative to emphasize that the proposed technique should not be regarded as a DDoS detection instrument but rather as a supplementary component to an existing detection solutions.

Original languageEnglish
Title of host publication16th International Conference on Security of Information and Networks, SIN 2023
EditorsManoj Kumar Bohra, Mahesh Jangid, Sandeep Chaurasia, Parvez Faruki, Somya Goyal, Atilla Elci
PublisherInstitute of Electrical and Electronics Engineers
ISBN (Electronic)9798350343212
DOIs
StatePublished - 1 Jan 2023
Externally publishedYes
Event16th International Conference on Security of Information and Networks, SIN 2023 - Jaipur, India
Duration: 20 Nov 202321 Nov 2023

Publication series

Name16th International Conference on Security of Information and Networks, SIN 2023

Conference

Conference16th International Conference on Security of Information and Networks, SIN 2023
Country/TerritoryIndia
CityJaipur
Period20/11/2321/11/23

Keywords

  • Availability
  • Cloud security
  • Containers
  • Distributed Denial of Service (DDoS)
  • Network security
  • Security and Protection

ASJC Scopus subject areas

  • Information Systems
  • Information Systems and Management
  • Safety, Risk, Reliability and Quality
  • Health Informatics
  • Computer Networks and Communications

Fingerprint

Dive into the research topics of 'Preserving Service Availability Under DDoS Attack in Micro-Service Based Cloud Infrastructure'. Together they form a unique fingerprint.

Cite this