TY - GEN
T1 - A Comparative Study of Security Mechanisms to Prevent Denial of Service (DoS) Attacks in Kubernetes
AU - Dikun, Sergej
AU - Ayala-Rivera, Vanessa
AU - Portillo-Dominguez, A. Omar
N1 - Publisher Copyright:
© 2025 IEEE.
PY - 2025
Y1 - 2025
N2 - Kubernetes is a powerful and widely used container orchestration platform. However, its popularity also makes it an attractive target for cybersecurity attacks such as Denial-of-Service (DoS), which can significantly disrupt the services and operations of organizations. To help to improve the security practices of Kubernetes-based clusters, we present a comparative study in which we systematically evaluated six popular security defense mechanisms (i.e., Rate Limiting, Resource Quotas, Network Policies, Role-Based Access Control, API Rate Limiting, and Service Meshes) against DoS attacks. Using a controlled test environment with Minikube, we assess each mechanism's effectiveness at blocking attacks, its performance overhead, and its operational complexity. Our results show that no single mechanism is sufficient on its own; instead, a layered combination yields the strongest defense. We conclude with actionable guidance for practitioners on selecting and integrating these mechanisms to enhance Kubernetes resilience against DoS threats.
KW - Cybersecurity
KW - Denial-of-Service
KW - Kubernetes
KW - Secure Software Engineering
UR - https://www.scopus.com/pages/publications/105034808424
U2 - 10.1109/CONISOFT66928.2025.00037
DO - 10.1109/CONISOFT66928.2025.00037
M3 - Conference contribution
AN - SCOPUS:105034808424
T3 - Proceedings - 2025 13th International Conference in Software Engineering Research and Innovation, CONISOFT 2025
SP - 223
EP - 232
BT - Proceedings - 2025 13th International Conference in Software Engineering Research and Innovation, CONISOFT 2025
A2 - Juarez-Ramirez, Reyes
A2 - Fernandez y Fernandez, Carlos
A2 - Jimenez, Samantha
A2 - Ramirez-Noriega, Alan
A2 - Guerra-Garcia, Cesar
A2 - Sandoval, Guillermo Licea
A2 - Hernandez-Ocharan, Jorge Octavio
A2 - Aispuro-Felix, Elvia
A2 - Kumar, Abhishek
A2 - Pastrana Pardo, Manuel Alejandro
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 13th International Conference in Software Engineering Research and Innovation, CONISOFT 2025
Y2 - 27 October 2025 through 31 October 2025
ER -