{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,14]],"date-time":"2026-03-14T18:49:56Z","timestamp":1773514196205,"version":"3.50.1"},"reference-count":73,"publisher":"Association for Computing Machinery (ACM)","issue":"2","license":[{"start":{"date-parts":[[2025,5,27]],"date-time":"2025-05-27T00:00:00Z","timestamp":1748304000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"DOI":"10.13039\/501100006374","name":"National Science Foundation","doi-asserted-by":"publisher","award":["AST-2229104"],"award-info":[{"award-number":["AST-2229104"]}],"id":[{"id":"10.13039\/501100006374","id-type":"DOI","asserted-by":"publisher"}]},{"name":"Red Hat Collaboratory at Boston University","award":["2025-01-RH05"],"award-info":[{"award-number":["2025-01-RH05"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["Proc. ACM Meas. Anal. Comput. Syst."],"published-print":{"date-parts":[[2025,5,27]]},"abstract":"\n The flexibility and scale of networks achievable by modern cloud computer architectures, particularly Kubernetes (K8s)-based applications, are rivaled only by the resulting complexity required to operate at scale in a responsive manner. This leaves applications vulnerable to\n Economic Denial of Sustainability<\/jats:italic>\n (EDoS) attacks, designed to force service withdrawal via draining the target of the financial means to support the application. With the public cloud market projected to reach three quarters of a trillion dollars USD by the end of 2025, this is a major consideration. In this paper, we develop a theoretical model to reason about EDoS attacks on K8s. We determine scaling thresholds based on Markov Decision Processes (MDPs), incorporating costs of operating K8s replicas, Service Level Agreement violations, and minimum service charges imposed by billing structures. We build on top of the MDP model a Stackelberg game, determining the circumstances under which an adversary injects traffic. The optimal policy returned by the MDP is generally of hysteresis-type, but not always. Specifically, through numerical evaluations we show examples where charges on an hourly resolution eliminate incentives for scaling down resources. Furthermore, through the use of experiments on a realistic K8s cluster, we show that, depending on the billing model employed and the customer workload characteristics, an EDoS attack can result in a 4\u00d7 increase in traffic intensity resulting in a 3.6\u00d7 decrease in efficiency. Interestingly, increasing the intensity of an attack may render it less efficient per unit of attack power. Finally, we demonstrate a proof-of-concept for a countermeasure involving custom scaling metrics where autoscaling decisions are randomized. We demonstrate that per-minute utilization charges are reduced compared to standard scaling, with negligible drops in requests.\n <\/jats:p>","DOI":"10.1145\/3727114","type":"journal-article","created":{"date-parts":[[2025,6,4]],"date-time":"2025-06-04T09:43:35Z","timestamp":1749030215000},"page":"1-29","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":6,"title":["Exploiting Kubernetes Autoscaling for Economic Denial of Sustainability"],"prefix":"10.1145","volume":"9","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-7029-2836","authenticated-orcid":false,"given":"Jonathan","family":"Chamberlain","sequence":"first","affiliation":[{"name":"Department of Electrical and Computer Engineering, Boston University, Boston, Massachusetts, USA"}]},{"ORCID":"https:\/\/orcid.org\/0009-0008-0542-6955","authenticated-orcid":false,"given":"Jilin","family":"Zheng","sequence":"additional","affiliation":[{"name":"Department of Electrical and Computer Engineering, Boston University, Boston, Massachusetts, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-4413-6060","authenticated-orcid":false,"given":"Zeying","family":"Zhu","sequence":"additional","affiliation":[{"name":"Department of Computer Science, University of Maryland, College Park, Maryland, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-9119-1679","authenticated-orcid":false,"given":"Zaoxing","family":"Liu","sequence":"additional","affiliation":[{"name":"Department of Computer Science, University of Maryland, College Park, Maryland, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-8071-3865","authenticated-orcid":false,"given":"David","family":"Starobinski","sequence":"additional","affiliation":[{"name":"Department of Electrical and Computer Engineering, Boston University, Boston, Massachusetts, USA"}]}],"member":"320","published-online":{"date-parts":[[2025,6,3]]},"reference":[{"key":"e_1_2_1_1_1","doi-asserted-by":"publisher","unstructured":"Chaitanya Agarwal Shibashis Guha Jan Kret\u00ednsk\u00fd and M. Pazhamalai. 2024. PAC statistical model checking of mean payoff in discrete- and continuous-time MDP. Formal Methods in System Design (8 2024) 1--43. doi:10.1007\/s10703-024-00463-0","DOI":"10.1007\/s10703-024-00463-0"},{"key":"e_1_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.engappai.2019.03.010"},{"key":"e_1_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.3390\/s22134685"},{"key":"e_1_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1145\/3448613"},{"key":"e_1_2_1_5_1","volume-title":"Probability, Statistics, and Queueing Theory With Computer Science Applications","author":"Allen Arnold O.","unstructured":"Arnold O. Allen. 2014. Probability, Statistics, and Queueing Theory With Computer Science Applications (2nd ed.). Academic Press, San Diego, CA, USA.","edition":"2"},{"key":"e_1_2_1_6_1","unstructured":"AmazonWeb Services. 2024. AnomalyMonitor - AWS Billing and Cost Management. https:\/\/docs.aws.amazon.com\/awscost-management\/latest\/APIReference\/API_AnomalyMonitor.html"},{"key":"e_1_2_1_7_1","unstructured":"Amazon Web Services. 2024. EC2 On-Demand Instance Pricing. https:\/\/aws.amazon.com\/ec2\/pricing\/on-demand\/"},{"key":"e_1_2_1_8_1","unstructured":"AmazonWeb Services. 2024. Red Hat Enterprise Linux on AWS Pricing. https:\/\/aws.amazon.com\/partners\/redhat\/rhelpricing\/"},{"key":"e_1_2_1_9_1","unstructured":"Apache Software Foundation. 1999. Apache jMeter. https:\/\/jmeter.apache.org\/"},{"key":"e_1_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1145\/2764468.2764478"},{"key":"e_1_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1109\/WF-IoT54382.2022.10152289"},{"key":"e_1_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1109\/INFOCOM.2017.8057010"},{"key":"e_1_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1145\/3366627.3368111"},{"key":"e_1_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1109\/BigData.2014.7004217"},{"key":"e_1_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICECOS.2017.8167135"},{"key":"e_1_2_1_16_1","unstructured":"CloudZero. 2024. Kubernetes Cost Optimization Software. https:\/\/www.cloudzero.com\/solutions\/kubernetes\/"},{"key":"e_1_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1145\/1134707.1134717"},{"key":"e_1_2_1_18_1","volume-title":"Kubernetes Auto-Scaling: YoYo attack vulnerability and mitigation. Master's thesis","author":"David Ronen Ben","unstructured":"Ronen Ben David. 2021. Kubernetes Auto-Scaling: YoYo attack vulnerability and mitigation. Master's thesis. Reichman University."},{"key":"e_1_2_1_19_1","volume-title":"Docker: Accelerated Container Application Development. https:\/\/www.docker.com\/","author":"Docker Inc.","year":"2025","unstructured":"Docker Inc. 2025. Docker: Accelerated Container Application Development. https:\/\/www.docker.com\/"},{"key":"e_1_2_1_20_1","volume-title":"22nd USENIX Security Symposium (USENIX Security 13)","author":"Durumeric Zakir","year":"2013","unstructured":"Zakir Durumeric, Eric Wustrow, and J Alex Halderman. 2013. {ZMap}: Fast internet-wide scanning and its security applications. In 22nd USENIX Security Symposium (USENIX Security 13) (Washington, DC, USA). USENIX Association, 605--620."},{"key":"e_1_2_1_21_1","volume-title":"Proceedings of the 28th Annual Allerton Conference on Communications, Control and Computing. 674--683","author":"Economides A.A.","unstructured":"A.A. Economides and J.A. Silvester. 1990. Priority load sharing: An approach using Stackelberg games. In Proceedings of the 28th Annual Allerton Conference on Communications, Control and Computing. 674--683."},{"key":"e_1_2_1_22_1","volume-title":"AWS Best Practices for DDoS Resiliency: AWS Whitepaper. (8","author":"Ferroni Rodrigo","year":"2023","unstructured":"Rodrigo Ferroni, Dmitriy Novikov, Achraf Souk, Joanna Knox, Anuj Butail, and Harith Gaddamanugu. 2023. AWS Best Practices for DDoS Resiliency: AWS Whitepaper. (8 2023). https:\/\/docs.aws.amazon.com\/whitepapers\/latest\/aws-bestpractices-ddos-resiliency\/aws-best-practices-ddos-resiliency.html"},{"key":"e_1_2_1_23_1","volume-title":"Gartner Forecasts Worldwide Public Cloud End-User Spending to Total $723 Billion","year":"2025","unstructured":"Gartner. 2024. Gartner Forecasts Worldwide Public Cloud End-User Spending to Total $723 Billion in 2025. https:\/\/www.gartner.com\/en\/newsroom\/press-releases\/2024--11--19-gartner-forecasts-worldwide-public-cloud-end-user-spending-to-total-723-billion-dollars-in-2025"},{"key":"e_1_2_1_24_1","unstructured":"Google Cloud. 2024. Google Kubertes Engine (GKE). https:\/\/cloud.google.com\/kubernetes-engine\/#pricing"},{"key":"e_1_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1109\/CCGrid51090.2021.00085"},{"key":"e_1_2_1_26_1","unstructured":"Grafana Labs. 2015. Grafana. https:\/\/grafana.com\/"},{"key":"e_1_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2018.01.005"},{"key":"e_1_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2018.01.005"},{"key":"e_1_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1504\/IJGUC.2019.099667"},{"key":"e_1_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1186\/s13677-024-00699--5"},{"key":"e_1_2_1_31_1","unstructured":"Imperva. 2021. Global DDoS Threat Landscape Report. (2021). https:\/\/www.imperva.com\/resources\/reports\/Imperva_2021-DDoS-Report.pdf"},{"key":"e_1_2_1_32_1","unstructured":"Alain Jean-Marie and Emmanuel Hyon. 2024. Marmote's documentation. https:\/\/marmote.gitlabpages.inria.fr\/marmote\/index.html"},{"key":"e_1_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.1109\/OJCOMS.2021.3057679"},{"key":"e_1_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.1145\/3492323.3495588"},{"key":"e_1_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.1007\/978--3--319--44374--4_27"},{"key":"e_1_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.1109\/CLOUD.2016.0011"},{"key":"e_1_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.1109\/TCC.2020.2998017"},{"key":"e_1_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.1287\/opre.47.2.310"},{"key":"e_1_2_1_39_1","unstructured":"The Kubernetes Authors. 2025. Cluster Autoscaling. https:\/\/kubernetes.io\/docs\/concepts\/cluster-administration\/cluster-autoscaling\/"},{"key":"e_1_2_1_40_1","unstructured":"The Kubernetes Authors. 2025. Horizontal Pod Autoscaling. https:\/\/kubernetes.io\/docs\/tasks\/run-application\/horizontal-pod-autoscale\/"},{"key":"e_1_2_1_41_1","unstructured":"The Kubernetes Authors. 2025. Kubernetes. https:\/\/kubernetes.io"},{"key":"e_1_2_1_42_1","doi-asserted-by":"publisher","DOI":"10.1109\/PDP.2016.70"},{"key":"e_1_2_1_43_1","doi-asserted-by":"publisher","DOI":"10.1007\/s10586-018--2256--2"},{"key":"e_1_2_1_44_1","doi-asserted-by":"publisher","DOI":"10.1007\/978--3--662--48324--4_31"},{"key":"e_1_2_1_45_1","doi-asserted-by":"publisher","DOI":"10.1016\/S0166--5316(98)00043--1"},{"key":"e_1_2_1_46_1","doi-asserted-by":"publisher","DOI":"10.3390\/math11122675"},{"key":"e_1_2_1_47_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.comcom.2019.07.002"},{"key":"e_1_2_1_48_1","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2023.3260069"},{"key":"e_1_2_1_49_1","doi-asserted-by":"publisher","DOI":"10.1109\/MASCOTS.2014.32"},{"key":"e_1_2_1_50_1","unstructured":"New England Research Cloud. 2024. How Does NERC Pricing Work? https:\/\/nerc-project.github.io\/nerc-docs\/getstarted\/cost-billing\/how-pricing-works\/"},{"key":"e_1_2_1_51_1","unstructured":"NewEgg. 2025. 2000W Bitcoin mining PSU PC Power Supply Computer Mining Rig 8 GPU ATX Ethereum Coin 12v 4 pin power supply. https:\/\/www.newegg.com\/p\/1HU-034G-00005"},{"key":"e_1_2_1_52_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.geb.2017.02.004"},{"key":"e_1_2_1_53_1","doi-asserted-by":"publisher","DOI":"10.1109\/MILCOM47813.2019.9020984"},{"key":"e_1_2_1_54_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.peva.2014.02.002"},{"key":"e_1_2_1_55_1","unstructured":"Prometheus Authors. 2014. Prometheus. https:\/\/prometheus.io\/"},{"key":"e_1_2_1_56_1","volume-title":"Markov Decision Processes: Discrete Stochastic Dynamic Programming","author":"Puterman Martin L.","unstructured":"Martin L. Puterman. 1994. Markov Decision Processes: Discrete Stochastic Dynamic Programming. Wiley & Sons, Hoboken, New Jersey, USA."},{"key":"e_1_2_1_57_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.jksuci.2021.08.014"},{"key":"e_1_2_1_58_1","doi-asserted-by":"publisher","DOI":"10.1117\/12.2674779"},{"key":"e_1_2_1_59_1","doi-asserted-by":"publisher","DOI":"10.1186\/s13677-023-00471--1"},{"key":"e_1_2_1_60_1","volume-title":"2020 USENIX Annual Technical Conference (USENIX ATC 20)","author":"Shahrad Mohammad","year":"2020","unstructured":"Mohammad Shahrad, Rodrigo Fonseca, Inigo Goiri, Gohar Chaudhry, Paul Batum, Jason Cooke, Eduardo Laureano, Colby Tresness, Mark Russinovich, and Ricardo Bianchini. 2020. Serverless in the wild: Characterizing and optimizing the serverless workload at a large cloud provider. In 2020 USENIX Annual Technical Conference (USENIX ATC 20). USENIX Association, 205--218. https:\/\/www.usenix.org\/conference\/atc20\/presentation\/shahrad"},{"key":"e_1_2_1_61_1","volume-title":"Markov Chains and Decision Processes for Engineers and Managers","author":"Sheskin Theodore J","unstructured":"Theodore J Sheskin. 2016. Markov Chains and Decision Processes for Engineers and Managers. CBC Press, Boca Raton, FL, USA."},{"key":"e_1_2_1_62_1","doi-asserted-by":"publisher","DOI":"10.1145\/2981546"},{"key":"e_1_2_1_63_1","doi-asserted-by":"publisher","DOI":"10.24963\/ijcai.2018\/775"},{"key":"e_1_2_1_64_1","doi-asserted-by":"publisher","DOI":"10.1023\/B:JOTP.0000011995.28536.ef"},{"key":"e_1_2_1_65_1","doi-asserted-by":"publisher","DOI":"10.1109\/TCC.2021.3064629"},{"key":"e_1_2_1_66_1","doi-asserted-by":"publisher","DOI":"10.1109\/TNSM.2021.3052837"},{"key":"e_1_2_1_67_1","unstructured":"Jo\u00e3o Tom\u00e9. 2024. From Deals to DDoS: exploring Cyber Week 2024 Internet trends. https:\/\/blog.cloudflare.com\/fromdeals-to-ddos-exploring-cyber-week-2024-internet-trends\/"},{"key":"e_1_2_1_68_1","doi-asserted-by":"publisher","DOI":"10.1145\/3603532"},{"key":"e_1_2_1_69_1","doi-asserted-by":"publisher","DOI":"10.1007\/978--3-030--61362--4_32"},{"key":"e_1_2_1_70_1","doi-asserted-by":"publisher","DOI":"10.23919\/INM.2017.7987436"},{"key":"e_1_2_1_71_1","doi-asserted-by":"publisher","DOI":"10.1109\/MASCOTS.2018.00030"},{"key":"e_1_2_1_72_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.dcan.2019.07.002"},{"key":"e_1_2_1_73_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICWS.2019.00023"}],"container-title":["Proceedings of the ACM on Measurement and Analysis of Computing Systems"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3727114","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3727114","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,8,22]],"date-time":"2025-08-22T21:31:54Z","timestamp":1755898314000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3727114"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,5,27]]},"references-count":73,"journal-issue":{"issue":"2","published-print":{"date-parts":[[2025,5,27]]}},"alternative-id":["10.1145\/3727114"],"URL":"https:\/\/doi.org\/10.1145\/3727114","relation":{},"ISSN":["2476-1249"],"issn-type":[{"value":"2476-1249","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025,5,27]]},"assertion":[{"value":"2025-06-03","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}