Exploring New Opportunities to Defeat Low-rate DDoS Attack in Container-based Cloud Environment

DDoS attacks are rampant in cloud environments and continually evolve to more sophisticated and intelligent modalities, such as low-rate DDoS attacks. At the same time, the cloud environment is also developing in constant. Container technology and microservice architecture together constitute the container-based cloud environment. Comparing with traditional cloud environments, container-based cloud environment is more lightweight in virtualization and more flexible in service scaling. It also means that the usage mode of resources will be changed accordingly in the container-based cloud environment. Naturally, a question that arises is whether the new features of container-based cloud environment will spark new conditions to defense DDoS attack scenarios. In this paper, we explore the possible solutions to improve the ability of container-based cloud environment to tolerent the low-rate DDoS attack. To this end, we establish a mathematical model to formalize the container-based cloud environment and analyze the feasibility of utilizing the new features to defeat low-rate DDoS attack. Based on the results of analysis, we propose a strategy to mitigate low-rate DDoS attack and demonstrate the validity of this strategy through simulations and testbed-based experiments.