Flexible and Lightweight Mitigation Framework for Distributed Denial-of-Service Attacks in Container-Based Edge Networks Using Kubernetes
Mobile Edge Computing (MEC) has a significant potential to become more prevalent in Fifth Generation (5G) networks, requiring resource management that is lightweight, agile, and dynamic. Container-based virtualization platforms, such as Kubernetes, have emerged as key enablers for MEC environments....
Saved in:
| Main Authors: | , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
IEEE
2024-01-01
|
| Series: | IEEE Access |
| Subjects: | |
| Online Access: | https://ieeexplore.ieee.org/document/10755088/ |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1846159854549336064 |
|---|---|
| author | Sarp Koksal Ferhat Ozgur Catak Yaser Dalveren |
| author_facet | Sarp Koksal Ferhat Ozgur Catak Yaser Dalveren |
| author_sort | Sarp Koksal |
| collection | DOAJ |
| description | Mobile Edge Computing (MEC) has a significant potential to become more prevalent in Fifth Generation (5G) networks, requiring resource management that is lightweight, agile, and dynamic. Container-based virtualization platforms, such as Kubernetes, have emerged as key enablers for MEC environments. However, network security and data privacy remain significant concerns, particularly due to Distributed Denial-of-Service (DDoS) attacks that threaten the massive connectivity of end-devices. This study proposes a defense mechanism to mitigate DDoS attacks in container-based MEC networks using Kubernetes. The mechanism dynamically scales Containerized Network Functions (CNFs) with auto-scaling through an Intrusion Detection and Prevention System (IDPS). The architecture of the proposed mechanism leverages distributed edge clusters and Kubernetes to manage resources and balance the load of IDPS CNFs. Experiments conducted in a real MEC environment using OpenShift and Telco-grade MEC profiles demonstrate the effectiveness of the proposed mechanism against Domain Name System (DNS) flood and Yo-Yo attacks. Results also verify that Kubernetes efficiently meets the lightweight, agile, and dynamic resource management requirements of MEC networks. |
| format | Article |
| id | doaj-art-ee39112ece5a4ea59cde71a590512475 |
| institution | Kabale University |
| issn | 2169-3536 |
| language | English |
| publishDate | 2024-01-01 |
| publisher | IEEE |
| record_format | Article |
| series | IEEE Access |
| spelling | doaj-art-ee39112ece5a4ea59cde71a5905124752024-11-23T00:01:40ZengIEEEIEEE Access2169-35362024-01-011217298017299110.1109/ACCESS.2024.350119210755088Flexible and Lightweight Mitigation Framework for Distributed Denial-of-Service Attacks in Container-Based Edge Networks Using KubernetesSarp Koksal0https://orcid.org/0000-0003-2341-0582Ferhat Ozgur Catak1https://orcid.org/0000-0002-2434-9966Yaser Dalveren2https://orcid.org/0000-0002-9459-0042Red Hat Inc., Istanbul, TürkiyeDepartment of Electrical Engineering and Computer Science, University of Stavanger, Rogaland, NorwayDepartment of Electrical and Electronics Engineering, İzmir Bakırçay University, İzmir, TürkiyeMobile Edge Computing (MEC) has a significant potential to become more prevalent in Fifth Generation (5G) networks, requiring resource management that is lightweight, agile, and dynamic. Container-based virtualization platforms, such as Kubernetes, have emerged as key enablers for MEC environments. However, network security and data privacy remain significant concerns, particularly due to Distributed Denial-of-Service (DDoS) attacks that threaten the massive connectivity of end-devices. This study proposes a defense mechanism to mitigate DDoS attacks in container-based MEC networks using Kubernetes. The mechanism dynamically scales Containerized Network Functions (CNFs) with auto-scaling through an Intrusion Detection and Prevention System (IDPS). The architecture of the proposed mechanism leverages distributed edge clusters and Kubernetes to manage resources and balance the load of IDPS CNFs. Experiments conducted in a real MEC environment using OpenShift and Telco-grade MEC profiles demonstrate the effectiveness of the proposed mechanism against Domain Name System (DNS) flood and Yo-Yo attacks. Results also verify that Kubernetes efficiently meets the lightweight, agile, and dynamic resource management requirements of MEC networks.https://ieeexplore.ieee.org/document/10755088/Containerized network functions (CNF)distributed denial-of-service (DDoS)floodintrusion detection prevention system (IDPS)Kubernetesmobile edge computing (MEC) |
| spellingShingle | Sarp Koksal Ferhat Ozgur Catak Yaser Dalveren Flexible and Lightweight Mitigation Framework for Distributed Denial-of-Service Attacks in Container-Based Edge Networks Using Kubernetes IEEE Access Containerized network functions (CNF) distributed denial-of-service (DDoS) flood intrusion detection prevention system (IDPS) Kubernetes mobile edge computing (MEC) |
| title | Flexible and Lightweight Mitigation Framework for Distributed Denial-of-Service Attacks in Container-Based Edge Networks Using Kubernetes |
| title_full | Flexible and Lightweight Mitigation Framework for Distributed Denial-of-Service Attacks in Container-Based Edge Networks Using Kubernetes |
| title_fullStr | Flexible and Lightweight Mitigation Framework for Distributed Denial-of-Service Attacks in Container-Based Edge Networks Using Kubernetes |
| title_full_unstemmed | Flexible and Lightweight Mitigation Framework for Distributed Denial-of-Service Attacks in Container-Based Edge Networks Using Kubernetes |
| title_short | Flexible and Lightweight Mitigation Framework for Distributed Denial-of-Service Attacks in Container-Based Edge Networks Using Kubernetes |
| title_sort | flexible and lightweight mitigation framework for distributed denial of service attacks in container based edge networks using kubernetes |
| topic | Containerized network functions (CNF) distributed denial-of-service (DDoS) flood intrusion detection prevention system (IDPS) Kubernetes mobile edge computing (MEC) |
| url | https://ieeexplore.ieee.org/document/10755088/ |
| work_keys_str_mv | AT sarpkoksal flexibleandlightweightmitigationframeworkfordistributeddenialofserviceattacksincontainerbasededgenetworksusingkubernetes AT ferhatozgurcatak flexibleandlightweightmitigationframeworkfordistributeddenialofserviceattacksincontainerbasededgenetworksusingkubernetes AT yaserdalveren flexibleandlightweightmitigationframeworkfordistributeddenialofserviceattacksincontainerbasededgenetworksusingkubernetes |