Result: ReDoS Defense Method Based on Moving Target Defense in Cloud-native Environment.

Title:
ReDoS Defense Method Based on Moving Target Defense in Cloud-native Environment. (English)
Source:
Journal of Zhengzhou University: Engineering Science; Mar2024, Vol. 45 Issue 2, p72-79, 8p
Database:
Complementary Index

More Information

In addressing the inefficiencies and limitations in proactive defense against Regular Expression Denial of Service (ReDoS) attacks in cloud-native environments, we have developed a defense method based on Moving Target Defense (MTD) technology. Initially, we analyzed the behaviors of both attackers and defenders within microservice applications characteristic of cloud-native environments. Subsequently, leveraging Kubernetes, we designed an MTD-based defense system. This system incorporates dynamic and static multi-dimensional microservice weight indices based on topology information and request arrival rates, as well as service efficiency judgment indices based on queue theory. It also includes a method for selecting the timing of key microservice rotations to guide the selection and rotation timings of critical microservices. Finally, we introduced a multi-dimensional MTD heterogeneous rotation algorithm, grounded in heterogeneity and service efficiency, and conducted simulations using Python. Experimental results indicate that our proposed algorithm reduces defense latency by approximately 50% compared to dynamic scaling and that defense costs stabilize after the initial defense against an attack, preventing continuous growth. [ABSTRACT FROM AUTHOR]

Copyright of Journal of Zhengzhou University: Engineering Science is the property of Editorial Office of Journal of Zhengzhou University: Engineering Science and its content may not be copied or emailed to multiple sites without the copyright holder's express written permission. Additionally, content may not be used with any artificial intelligence tools or machine learning technologies. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)