Flexible and Lightweight Mitigation Framework for Distributed Denial-Of Attacks in Container-Based Edge Networks Using Kubernetes

No Thumbnail Available

Date

2024

Authors

Journal Title

Journal ISSN

Volume Title

Publisher

Ieee-inst Electrical Electronics Engineers inc

Open Access Color

OpenAIRE Downloads

OpenAIRE Views

Research Projects

Organizational Units

Thumbnail Image
Organizational Unit
Department of Electrical & Electronics Engineering
Department of Electrical and Electronics Engineering (EE) offers solid graduate education and research program. Our Department is known for its student-centered and practice-oriented education. We are devoted to provide an exceptional educational experience to our students and prepare them for the highest personal and professional accomplishments. The advanced teaching and research laboratories are designed to educate the future workforce and meet the challenges of current technologies. The faculty's research activities are high voltage, electrical machinery, power systems, signal and image processing and photonics. Our students have exciting opportunities to participate in our department's research projects as well as in various activities sponsored by TUBİTAK, and other professional societies. European Remote Radio Laboratory project, which provides internet-access to our laboratories, has been accomplished under the leadership of our department with contributions from several European institutions.

Journal Issue

Abstract

Mobile Edge Computing (MEC) has a significant potential to become more prevalent in Fifth Generation (5G) networks, requiring resource management that is lightweight, agile, and dynamic. Container-based virtualization platforms, such as Kubernetes, have emerged as key enablers for MEC environments. However, network security and data privacy remain significant concerns, particularly due to Distributed Denial-of-Service (DDoS) attacks that threaten the massive connectivity of end-devices. This study proposes a defense mechanism to mitigate DDoS attacks in container-based MEC networks using Kubernetes. The mechanism dynamically scales Containerized Network Functions (CNFs) with auto-scaling through an Intrusion Detection and Prevention System (IDPS). The architecture of the proposed mechanism leverages distributed edge clusters and Kubernetes to manage resources and balance the load of IDPS CNFs. Experiments conducted in a real MEC environment using OpenShift and Telco-grade MEC profiles demonstrate the effectiveness of the proposed mechanism against Domain Name System (DNS) flood and Yo-Yo attacks. Results also verify that Kubernetes efficiently meets the lightweight, agile, and dynamic resource management requirements of MEC networks.

Description

Keywords

Servers, Denial-of-service attack, Cloud computing, Computer crime, Resource management, Prevention and mitigation, Dynamic scheduling, Quality of service, Image edge detection, Computer architecture, Containerized network functions (CNF), distributed denial-of-service (DDoS), flood, intrusion detection prevention system (IDPS), Kubernetes, mobile edge computing (MEC), Yo-Yo

Turkish CoHE Thesis Center URL

Fields of Science

Citation

WoS Q

Q2

Scopus Q

Q1

Source

Volume

12

Issue

Start Page

172980

End Page

172991

URI

https://doi.org/10.1109/ACCESS.2024.3501192
 https://hdl.handle.net/20.500.14411/10283

Collections

WoS
Scopus
SCOPUS™ Citations

1

checked on Oct 19, 2025

Web of Science™ Citations

1

checked on Oct 19, 2025

Google Scholar Logo
Google Scholar™
Check

Sustainable Development Goals

SDG data is not available