Mitigating DDoS attacks in containerized environments: A comparative analysis of Docker and Kubernetes

• Published in: Journal of parallel and distributed computing Vol. 204; p. 105130
• Main Authors: Chuang, Yung-Ting, Tu, Chih-Han
• Format: Journal Article
• Language: English
• Published: Elsevier Inc 01.10.2025
• Subjects: Containerization; DDoS attacks and defenses; Docker; Kubernetes; Web services security; Web services security; DDoS attacks and defenses; Containerization; Docker; Kubernetes
• ISSN: 0743-7315
• DOI: 10.1016/j.jpdc.2025.105130

Containerization has become the primary method for deploying applications, with web services being the most prevalent. However, exposing server IP addresses to external connections renders containerized services vulnerable to DDoS attacks, which can deplete server resources and hinder legitimate user access. To address this issue, we implement twelve different mitigation strategies, test them across three common types of web services, and conduct experiments on both Docker and Kubernetes deployment platforms. Furthermore, this study introduces a cross-platform, orchestration-aware evaluation framework that simulates realistic multi-service workloads and analyzes defense strategy performance under varying concurrency conditions. Experimental results indicate that Docker excels in managing white-listed traffic and delaying attacker responses, while Kubernetes achieves low completion times, minimum response times, and low failure rates by processing all requests simultaneously. Based on these findings, we provide actionable insights for selecting appropriate mitigation strategies tailored to different orchestration environments and workload patterns, offering practical guidance for securing containerized deployments against low-rate DDoS threats. Our work not only provides empirical performance evaluations but also reveals deployment-specific trade-offs, offering strategic recommendations for building resilient cloud-native infrastructures. •Twelve mitigation strategies were evaluated across Docker and Kubernetes platforms.•Experiments applied realistic multi-service workloads and varying concurrency levels.•Platform-aware insights reveal orchestration trade-offs affecting mitigation outcomes.•Offers practical deployment guidance for DDoS resilience in containerized systems.