Modeling flood-based DDoS attacks in container-based cloud environments
Abstract
Prior studies used queuing theory to investigate the performance of regular and malicious attack traffic and to scrutinize how container-based cloud environments behave under low-rate DDoS attacks; however, those studies focused only on mitigating the low-rate DDoS attack without considering other kinds of DDoS attacks. There are other types of DDoS attacks, like the flood-based DDoS attack in container-based cloud environments, where the attacker usually uses massive requests to flood services. Therefore, this study developed a model that captures the characteristics of flood-based DDoS attacks in container-based cloud environments. The numerical results obtained from the derived model are used to evaluate the performance of the proposed models. System performance is assessed using the average number of requests in the buffer and the average staying time as metrics. By simulating the characteristics of flood-based DDoS traffic, which are the burstiness and exponential nature, results indicate that both M/M/c and MMPP/M/c models behave the same way when subject to the same traffic scenarios. The MMPP/M/c model can be used to perform analysis of traffic in different Markov chain states. In the MMPP/M/c model, the different characteristics of the arrival traffic can be analysed independently in separate states and as combined traffic, to analyse the system performance. This enabled the detailed analysis of the characteristics of flood-based DDoS attack traffic independent of each other and when combined. Results indicate that as the probability of flood-based DDoS attack traffic increases and the probability of regular traffic decreases over Markov discrete time steps t, the arrival rate of flood-based attack traffic increases exponentially and is random, while regular traffic is kept constant. We assumed decreasing and increasing probabilities for the regular traffic and flood-based DDoS attack traffic, respectively.
At the lower flood-based DDoS attack traffic probabilities, the number of requests in the buffer and the average staying time for the MMPP/M/c were slightly higher than those of the M/M/c, and the two graphs converge as the probability of attack traffic increases with a decrease in the probability of regular traffic over time t. When examining the performance of a container-based cloud environment in the midst of bursty and correlated flood-based DDoS traffic, the MMPP/M/c model can be utilised to analyse the characteristics of arrival traffic in various states.
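The two metrics named above can be computed for the M/M/c case with the standard Erlang C formula; the following is an added example for capacity planning, not the paper's code or its MMPP/M/c model. It assumes a simplified aggregate arrival rate (a probability-weighted mix of constant regular traffic and exponentially growing attack traffic), and every parameter value and function name is constructed for illustration.

```python
import math

def mmc_metrics(lam, mu, c):
    """Return (Lq, W) for an M/M/c queue: mean requests waiting in the buffer
    and mean staying time (wait + service). (inf, inf) when the pool is saturated."""
    if lam <= 0:
        return 0.0, 1.0 / mu
    a = lam / mu                      # offered load in Erlangs
    rho = a / c                       # utilisation per container
    if rho >= 1.0:
        return math.inf, math.inf     # no steady state: buffer grows without bound
    b = 1.0                           # Erlang B via the numerically stable recursion
    for k in range(1, c + 1):
        b = a * b / (k + a * b)
    p_wait = b / (1.0 - rho * (1.0 - b))   # Erlang C: probability a request must queue
    lq = p_wait * rho / (1.0 - rho)
    return lq, lq / lam + 1.0 / mu         # Little's law gives the staying time

def mixed_rate(t, p_attack, lam_regular, lam_attack0, growth):
    """Assumed aggregate rate at step t: regular traffic is constant, attack
    traffic grows exponentially, each weighted by its probability."""
    return (1.0 - p_attack) * lam_regular + p_attack * lam_attack0 * math.exp(growth * t)

def sweep(steps, c, mu, lam_regular, lam_attack0, growth):
    """Evaluate the queue while the attack probability rises linearly from 0 to 1."""
    rows = []
    for t in range(steps):
        p_attack = t / (steps - 1)
        lam = mixed_rate(t, p_attack, lam_regular, lam_attack0, growth)
        rows.append((t, p_attack, lam) + mmc_metrics(lam, mu, c))
    return rows

def first_saturated_step(rows):
    """First time step at which arrivals exceed total service capacity c * mu."""
    return next((t for t, _, _, lq, _ in rows if math.isinf(lq)), None)

if __name__ == "__main__":
    # Constructed scenario: 4 containers, each serving 10 requests per time unit.
    rows = sweep(steps=11, c=4, mu=10.0, lam_regular=20.0, lam_attack0=5.0, growth=0.3)
    for t, p, lam, lq, w in rows:
        print(f"t={t:2d} p_attack={p:.1f} lambda={lam:7.2f} Lq={lq:8.3f} W={w:7.3f}")
    print("saturates at step", first_saturated_step(rows))
```

The step returned by `first_saturated_step` is where the assumed load exceeds `c * mu`, which is the point at which autoscaling or rate limiting must already be in effect.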