Abstract
Docker is a container technology to create lightweight virtual system framework in the cloud computing environment. Massive users exploit it on systems of Linux, Mac, and Windows to simplify configuration or test large-scale operations and isolate applications. However, considering the security of Docker container, Distributed Denial of Service (DDoS) attacks have been a severe problem which needs to be solved. Therefore, this paper aims to analyze the compressive ability of Docker container and reduce the influence of DDoS by using Control group (Cgroup). Furthermore, an experiment will be designed to detect the effects of Cgroup under three kinds of pressure: run out Central Process Unit (CPU), run out bandwidth and DDoS attack. In addition, limiting CPU, limiting Network (Net) I/O and limiting both of them will be considered as the method to use Cgroup to restrict containers' resources. In a result, it is shown that the attacks would be limited in a certain scope after restricting the resources of containers by Cgroup. Therefore, the method of imposing restrictions on CPU and Net I/O resources of Docker containers by using Cgroup can effectively reduce the impact of DDoS attacks.
Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
