Multi Layer Protection Against Low Rate DDoS Attacks in Containerized Systems
- URL: http://arxiv.org/abs/2602.11407v1
- Date: Wed, 11 Feb 2026 22:18:48 GMT
- Title: Multi Layer Protection Against Low Rate DDoS Attacks in Containerized Systems
- Authors: Ahmad Fareed, Bilal Al Habib, Anne Pepita Francis
- Abstract summary: This work proposes a DDoS mitigation system that effectively defends against low rate DDoS attacks in containerized environments. The solution integrates a Web Application Firewall (WAF), rate limiting, dynamic blacklisting, TCP and UDP header analysis, and zero trust principles.
- Score: 0.0
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: Low rate Distributed Denial of Service (DDoS) attacks have emerged as a major threat to containerized cloud infrastructures. Due to their low traffic volumes, these attacks can be difficult to detect and mitigate, potentially causing serious harm to internet applications. This work proposes a DDoS mitigation system that effectively defends against low rate DDoS attacks in containerized environments using a multi layered defense strategy. The solution integrates a Web Application Firewall (WAF), rate limiting, dynamic blacklisting, TCP and UDP header analysis, and zero trust principles to detect and block malicious traffic at different stages of the attack life cycle. By applying zero trust principles, the system ensures that each data packet is carefully inspected before granting access, improving overall security and resilience. Additionally, the system's integration with Docker orchestration facilitates deployment and management in containerized settings.
Related papers
- CaMeLs Can Use Computers Too: System-level Security for Computer Use Agents [60.98294016925157]
AI agents are vulnerable to prompt injection attacks, where malicious content hijacks agent behavior to steal credentials or cause financial loss. We introduce Single-Shot Planning for CUAs, where a trusted planner generates a complete execution graph with conditional branches before any observation of potentially malicious content. Although this architectural isolation successfully prevents instruction injections, we show that additional measures are needed to prevent Branch Steering attacks.
arXiv Detail & Related papers (2026-01-14T23:06:35Z)
- Securing the Model Context Protocol (MCP): Risks, Controls, and Governance [1.4072883206858737]
We focus on three types of adversaries that take advantage of MCP's flexibility. Based on early incidents and proof-of-concept attacks, we describe how MCP can increase the attack surface. We propose a set of practical controls, including per-user authentication with scoped authorization.
arXiv Detail & Related papers (2025-11-25T23:24:26Z)
- Proactive DDoS Detection and Mitigation in Decentralized Software-Defined Networking via Port-Level Monitoring and Zero-Training Large Language Models [3.6260109722491465]
Software-Defined Networking (cSDN) offers flexible and programmable control of networks but suffers from scalability and reliability issues. Decentralized SDN (dSDN) alleviates these concerns by distributing control across multiple local controllers. This architecture remains highly vulnerable to Distributed Denial-of-Service (DDoS) attacks. We propose a novel detection and mitigation framework tailored for dSDN environments.
arXiv Detail & Related papers (2025-11-01T08:57:29Z)
- Cuckoo Attack: Stealthy and Persistent Attacks Against AI-IDE [64.47951172662745]
Cuckoo Attack is a novel attack that achieves stealthy and persistent command execution by embedding malicious payloads into configuration files. We formalize our attack paradigm into two stages, including initial infection and persistence. We contribute seven actionable checkpoints for vendors to evaluate their product security.
arXiv Detail & Related papers (2025-09-19T04:10:52Z)
- DDoS Attacks in Cloud Computing: Detection and Prevention [1.0143600140042057]
DDoS attacks are one of the most prevalent and harmful cybersecurity threats faced by organizations and individuals. The study analyzes various types of DDoS attacks, including volumetric, protocol, and application layer attacks. It examines the existing techniques used for DDoS attack detection, such as packet filtering, intrusion detection systems, and machine learning-based approaches.
arXiv Detail & Related papers (2025-08-19T05:27:37Z)
- BlindGuard: Safeguarding LLM-based Multi-Agent Systems under Unknown Attacks [58.959622170433725]
BlindGuard is an unsupervised defense method that learns without requiring any attack-specific labels or prior knowledge of malicious behaviors. We show that BlindGuard effectively detects diverse attack types (i.e., prompt injection, memory poisoning, and tool attack) across multi-agent systems.
arXiv Detail & Related papers (2025-08-11T16:04:47Z)
- eBPF-Based Real-Time DDoS Mitigation for IoT Edge Devices [0.0]
Internet of Things (IoT) has intensified security challenges, notably from Distributed Denial of Service (DDoS) attacks launched by compromised devices. Traditional defenses are often ill-suited for the IoT paradigm, creating a need for lightweight, high-performance, edge-based solutions. This paper presents the design, implementation, and evaluation of an IoT security framework that leverages the extended Berkeley Packet Filter (eBPF) and the eXpress Data Path (XDP). The framework is evaluated using both Docker-based simulations and real-world deployment on a Raspberry Pi 4, showing over 97% mitigation effectiveness under a 100 Mbps flood.
arXiv Detail & Related papers (2025-07-13T03:35:58Z)
- DRIFT: Dynamic Rule-Based Defense with Injection Isolation for Securing LLM Agents [52.92354372596197]
Large Language Models (LLMs) are increasingly central to agentic systems due to their strong reasoning and planning capabilities. This interaction also introduces the risk of prompt injection attacks, where malicious inputs from external sources can mislead the agent's behavior. We propose a Dynamic Rule-based Isolation Framework for Trustworthy agentic systems, which enforces both control and data-level constraints.
arXiv Detail & Related papers (2025-06-13T05:01:09Z)
- Tit-for-Tat: Safeguarding Large Vision-Language Models Against Jailbreak Attacks via Adversarial Defense [90.71884758066042]
Large vision-language models (LVLMs) introduce a unique vulnerability: susceptibility to malicious attacks via visual inputs. We propose ESIII (Embedding Security Instructions Into Images), a novel methodology for transforming the visual space from a source of vulnerability into an active defense mechanism.
arXiv Detail & Related papers (2025-03-14T17:39:45Z)
- Modern DDoS Threats and Countermeasures: Insights into Emerging Attacks and Detection Strategies [49.57278643040602]
Distributed Denial of Service (DDoS) attacks persist as significant threats to online services and infrastructure. This paper offers a comprehensive survey of emerging DDoS attacks and detection strategies over the past decade.
arXiv Detail & Related papers (2025-02-27T11:22:25Z)
- Detecting Distributed Denial of Service Attacks Using Logistic Regression and SVM Methods [0.0]
The goal of this paper is to detect DDoS attacks from all service requests and classify them according to DDoS classes.
Two (2) different machine learning approaches, SVM and Logistic Regression, are implemented in the dataset for detecting and classifying DDoS attacks.
Logistic Regression and SVM both achieve 98.65% classification accuracy which is the highest achieved accuracy among other previous experiments with the same dataset.
arXiv Detail & Related papers (2024-11-21T13:15:26Z)
This list is automatically generated from the titles and abstracts of the papers in this site.