Quick service during DDoS attacks in the container-based cloud environment

Abstract

Distributed Denial of Service (DDoS) attacks are one of the biggest internet security risks. As DDoS attacks directly target the availability of the victim’s services, defending against them is one of the most challenging tasks for the victim organization’s cyber security personnel. Service disruptions, resource conflicts, reputation harm, and financial losses are just a few of the many direct and indirect effects of DDoS attacks. There are several DDoS attack solutions, however, victim organization(s) cyber security personnel still struggle to mitigate it. Among the several ways of mitigating DDoS attacks, it was observed that the most effective approaches include bandwidth limiting and resource reservations. Individually, these solutions have a drawback of increasing the average response time during a DDoS attack for both the malicious and the benign users. We propose a two-line defense system that combines both of these strategies in addition to containerization to minimize DDoS attack effects. First line defense system separates incoming requests based upon the number of connections made for target web-service at any particular instant and sends them to second line defense system. At second line defense system, we limit the bandwidth of intermediate machines that transmit requests to the destination web-service(s). Additionally, the load balancer at the second line defense system routes incoming requests to different containers on the target computers based on line defense system decisions. By segregating incoming requests, we are able to serve benign users requests which send lesser number of requests than threshold value even in the presence of DDoS attacks. The proposed technique shows that benign users’ average response time under DDoS attack is nearly equivalent to that obtained under normal network conditions. The proposed technique is able to preserve the service availability to ∼98% of benign requests even in the presence of massive DDoS attack.