Multi Layer Protection Against Low Rate DDoS Attacks in Containerized Systems
Ahmad Fareed, Bilal Al Habib, Anne Pepita Francis
TL;DR
This paper addresses low-rate DDoS threats against containerized cloud applications and proposes a layered defense combining rate limiting, dynamic blacklisting, TCP/UDP header analysis, a ModSecurity-based WAF, and a DDoS sandbox under a zero-trust framework. The approach emphasizes continuous verification and micro-segmentation: the defenses are distributed across two containers plus a sandbox so that traffic is inspected at the ingress, network, and application layers. Key contributions are an integrated, container-friendly defense stack and qualitative results showing improved resilience and manageable deployment with Docker orchestration. The work offers practical guidance for deploying multi-layered, zero-trust DDoS defenses in containerized environments, and leaves ML-based automation and honeypot extensions as future work.
Abstract
Low-rate Distributed Denial of Service (DDoS) attacks have emerged as a major threat to containerized cloud infrastructures. Because their traffic volume is low, these attacks are difficult to detect and mitigate with volume-based controls alone, and they can cause serious harm to internet applications. This work proposes a DDoS mitigation system that defends against low-rate DDoS attacks in containerized environments using a multi-layered defense strategy. The solution integrates a Web Application Firewall (WAF), rate limiting, dynamic blacklisting, TCP and UDP header analysis, and zero-trust principles to detect and block malicious traffic at different stages of the attack life cycle. By applying zero-trust principles, the system inspects each packet before granting access rather than trusting traffic by origin, improving overall security and resilience. Additionally, the system's integration with Docker orchestration facilitates deployment and management in containerized settings.
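The rate-limiting and dynamic-blacklisting layers named in the abstract, shown as an added example that is not the paper's own code: a per-source limiter with a short burst window (which catches the dense pulses of a low-rate attack even though its average rate is modest) and a long average window, backed by a blacklist whose ban length escalates on repeat offences. The thresholds, the ban policy, the IP addresses and the traffic are all constructed assumptions for illustration; timestamps are integer milliseconds.

```python
from collections import defaultdict, deque


class LayeredRateLimiter:
    """Sliding-window rate limiting plus a dynamic blacklist.

    Two windows are tracked per source (all times in milliseconds):
      - a short burst window, which catches the periodic pulses typical of
        low-rate DoS (low average rate, but each pulse is dense), and
      - a long window, which catches sustained abuse.
    A source that breaches either window is blacklisted for an escalating
    duration (hypothetical policy: the ban doubles on each repeat offence).
    All thresholds are illustrative defaults, not values from the paper.
    """

    def __init__(self, burst_window=500, burst_limit=10,
                 long_window=10_000, long_limit=60, base_ban=30_000):
        self.burst_window = burst_window
        self.burst_limit = burst_limit      # None disables the burst check
        self.long_window = long_window
        self.long_limit = long_limit
        self.base_ban = base_ban
        self.hits = defaultdict(deque)      # src -> recent request timestamps
        self.banned_until = {}              # src -> ban expiry timestamp
        self.offences = defaultdict(int)    # src -> number of bans so far

    def allow(self, src, now):
        """Return ('allow' | 'drop', reason) for one request from src."""
        # Layer 1: dynamic blacklist, the cheapest check, so it runs first.
        expiry = self.banned_until.get(src)
        if expiry is not None:
            if now < expiry:
                return "drop", "blacklisted"
            del self.banned_until[src]      # ban expired; offence count is kept
        # Layer 2: rate limiting over the two windows.
        q = self.hits[src]
        q.append(now)
        while q and now - q[0] > self.long_window:
            q.popleft()
        recent = sum(1 for t in q if now - t <= self.burst_window)
        if self.burst_limit is not None and recent > self.burst_limit:
            return "drop", self._ban(src, now, "burst")
        if len(q) > self.long_limit:
            return "drop", self._ban(src, now, "sustained")
        return "allow", "ok"

    def _ban(self, src, now, kind):
        self.offences[src] += 1
        duration = self.base_ban * 2 ** (self.offences[src] - 1)
        self.banned_until[src] = now + duration
        self.hits[src].clear()
        return f"{kind} limit exceeded; banned for {duration} ms"


def simulate(events, limiter):
    """Replay (timestamp_ms, src) events; return per-source allow/drop counts."""
    stats = defaultdict(lambda: {"allow": 0, "drop": 0})
    for ts, src in events:
        decision, _reason = limiter.allow(src, ts)
        stats[src][decision] += 1
    return dict(stats)


def constructed_traffic():
    """Constructed sample, not captured data.

    A benign client sends 2 req/s for 30 s.  A low-rate attacker sends the
    same order of traffic on average, but as 20-request pulses lasting 200 ms
    every 4 s, which is what a plain average-rate limit fails to see.
    """
    events = [(i * 500, "10.0.0.5") for i in range(60)]
    for pulse in range(10):
        base = pulse * 4000
        events.extend((base + k * 10, "203.0.113.7") for k in range(20))
    events.sort()
    return events


if __name__ == "__main__":
    for label, lim in (("average-rate limit only",
                        LayeredRateLimiter(burst_limit=None)),
                       ("burst window + blacklist", LayeredRateLimiter())):
        print(label, simulate(constructed_traffic(), lim))
```

With the burst window disabled, no 10 s window ever exceeds 60 requests and every attacker request is allowed; with the burst window active, the 11th request of the first pulse trips the limit, the source is banned for 30 s, the pulse that arrives after expiry is banned again for 60 s, and only 20 of the attacker's 200 requests reach the application while the benign client is untouched.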
