{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,12,20]],"date-time":"2025-12-20T06:30:04Z","timestamp":1766212204376,"version":"3.48.0"},"reference-count":50,"publisher":"MDPI AG","issue":"12","license":[{"start":{"date-parts":[[2025,12,16]],"date-time":"2025-12-16T00:00:00Z","timestamp":1765843200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["62202097"],"award-info":[{"award-number":["62202097"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["62072100"],"award-info":[{"award-number":["62072100"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"name":"Frontier Technologies R & D Program of Jiangsu","award":["BF2025026"],"award-info":[{"award-number":["BF2025026"]}]},{"DOI":"10.13039\/501100002858","name":"China Postdoctoral Science Foundation","doi-asserted-by":"publisher","award":["2024T170143"],"award-info":[{"award-number":["2024T170143"]}],"id":[{"id":"10.13039\/501100002858","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100002858","name":"China Postdoctoral Science Foundation","doi-asserted-by":"publisher","award":["2022M710677"],"award-info":[{"award-number":["2022M710677"]}],"id":[{"id":"10.13039\/501100002858","id-type":"DOI","asserted-by":"publisher"}]},{"name":"Jiangsu Funding Program for Excellent Postdoctoral Talent","award":["2022ZB137"],"award-info":[{"award-number":["2022ZB137"]}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Future Internet"],"abstract":"<jats:p>Cloud-native microservice architectures offer scalability and resilience but 
introduce complex interdependencies and new attack surfaces, making them vulnerable to resource-exhaustion Distributed Denial-of-Service (DDoS) attacks. These attacks propagate along service call chains, closely mimic legitimate traffic, and evade traditional detection and mitigation techniques, resulting in cascading bottlenecks and degraded Quality of Service (QoS). Existing Moving Target Defense (MTD) approaches lack adaptive, cost-aware policy guidance and are often ineffective against spatiotemporally adaptive adversaries. To address these challenges, this paper proposes ScaleShield, an adaptive MTD framework powered by Deep Reinforcement Learning (DRL) that learns coordinated, attack-aware defense policies for microservices. ScaleShield formulates defense as a Markov Decision Process (MDP) over multi-dimensional discrete actions, leveraging a Multi-Dimensional Double Deep Q-Network (MD3QN) to optimize service availability and minimize operational overhead. Experimental results demonstrate that ScaleShield achieves near 100% defense success rates and reduces compromised nodes to zero within approximately 5 steps, significantly outperforming state-of-the-art baselines. 
It lowers service latency by up to 72% under dynamic attacks while maintaining over 94% resource efficiency, providing robust and cost-effective protection against resource-exhaustion DDoS attacks in cloud-native environments.<\/jats:p>","DOI":"10.3390\/fi17120580","type":"journal-article","created":{"date-parts":[[2025,12,16]],"date-time":"2025-12-16T14:36:53Z","timestamp":1765895813000},"page":"580","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Enhancing Microservice Security Through Adaptive Moving Target Defense Policies to Mitigate DDoS Attacks in Cloud-Native Environments"],"prefix":"10.3390","volume":"17","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-8626-0468","authenticated-orcid":false,"given":"Yuyang","family":"Zhou","sequence":"first","affiliation":[{"name":"School of Cyber Science and Engineering, Southeast University, Nanjing 211189, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-7504-8688","authenticated-orcid":false,"given":"Guang","family":"Cheng","sequence":"additional","affiliation":[{"name":"School of Cyber Science and Engineering, Southeast University, Nanjing 211189, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0003-3601-1641","authenticated-orcid":false,"given":"Kang","family":"Du","sequence":"additional","affiliation":[{"name":"School of Cyber Science and Engineering, Southeast University, Nanjing 211189, China"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"1968","published-online":{"date-parts":[[2025,12,16]]},"reference":[{"key":"ref_1","doi-asserted-by":"crossref","first-page":"12","DOI":"10.1109\/JPROC.2024.3353855","article-title":"Cloud-native computing: A survey from the perspective of services","volume":"112","author":"Deng","year":"2024","journal-title":"Proc. 
IEEE"},{"key":"ref_2","doi-asserted-by":"crossref","first-page":"1983","DOI":"10.1109\/TSC.2024.3399650","article-title":"An efficient algorithm for microservice placement in cloud-edge collaborative computing environment","volume":"17","author":"He","year":"2024","journal-title":"IEEE Trans. Serv. Comput."},{"key":"ref_3","doi-asserted-by":"crossref","first-page":"7875","DOI":"10.1109\/JSEN.2024.3502254","article-title":"Serverless microservice architecture for cloud-edge intelligence in sensor networks","volume":"25","author":"Loconte","year":"2024","journal-title":"IEEE Sens. J."},{"key":"ref_4","doi-asserted-by":"crossref","first-page":"3276","DOI":"10.1109\/TSC.2025.3597631","article-title":"Time-Varying Microservice Orchestration with Routing for Dynamic Call Graphs via Multi-Scale Deep Reinforcement Learning","volume":"18","author":"Hu","year":"2025","journal-title":"IEEE Trans. Serv. Comput."},{"key":"ref_5","doi-asserted-by":"crossref","first-page":"70","DOI":"10.1109\/MNET.2025.3541032","article-title":"Trusted Microservice Orchestration for Secure Edge Computing in Industrial Cyber-Physical Systems","volume":"39","author":"Mahmud","year":"2025","journal-title":"IEEE Netw."},{"key":"ref_6","doi-asserted-by":"crossref","first-page":"90252","DOI":"10.1109\/ACCESS.2024.3406500","article-title":"A systematic literature review of inter-service security threats and mitigation strategies in microservice architectures","volume":"12","author":"Haindl","year":"2024","journal-title":"IEEE Access"},{"key":"ref_7","doi-asserted-by":"crossref","first-page":"27","DOI":"10.63180\/jcsra.thestap.2025.2.3","article-title":"Classification of threats and countermeasures of cloud computing","volume":"2025","author":"Almanasir","year":"2025","journal-title":"J. Cyber Secur. 
Risk Audit."},{"key":"ref_8","doi-asserted-by":"crossref","first-page":"604","DOI":"10.1109\/TSC.2024.3376202","article-title":"PBScaler: A bottleneck-aware autoscaling framework for microservice-based applications","volume":"17","author":"Xie","year":"2024","journal-title":"IEEE Trans. Serv. Comput."},{"key":"ref_9","doi-asserted-by":"crossref","first-page":"958","DOI":"10.1109\/TNSM.2021.3052837","article-title":"Machine learning-based scaling management for kubernetes edge clusters","volume":"18","author":"Toka","year":"2021","journal-title":"IEEE Trans. Netw. Serv. Manag."},{"key":"ref_10","doi-asserted-by":"crossref","first-page":"155168","DOI":"10.1109\/ACCESS.2024.3481374","article-title":"Microservice vulnerability analysis: A literature review with empirical insights","volume":"12","author":"Jayalath","year":"2024","journal-title":"IEEE Access"},{"key":"ref_11","doi-asserted-by":"crossref","unstructured":"Bremler-Barr, A., Czeizler, M., Levy, H., and Tavori, J. (2024, January 20\u201323). Exploiting miscoordination of microservices in tandem for effective DDoS attacks. Proceedings of the IEEE INFOCOM 2024-IEEE Conference on Computer Communications, Vancouver, BC, Canada.","DOI":"10.1109\/INFOCOM52122.2024.10621335"},{"key":"ref_12","doi-asserted-by":"crossref","first-page":"29","DOI":"10.1016\/j.comcom.2024.04.001","article-title":"SDN-based detection and mitigation of DDoS attacks on smart homes","volume":"221","author":"Garba","year":"2024","journal-title":"Comput. Commun."},{"key":"ref_13","doi-asserted-by":"crossref","unstructured":"Alenezi, M.N. (2025). Significance of Machine Learning-Driven Algorithms for Effective Discrimination of DDoS Traffic Within IoT Systems. 
Future Internet, 17.","DOI":"10.3390\/fi17060266"},{"key":"ref_14","doi-asserted-by":"crossref","first-page":"804","DOI":"10.1109\/TDSC.2023.3263137","article-title":"Testing the resilience of MEC-based IoT applications against resource exhaustion attacks","volume":"21","author":"Pietrantuono","year":"2023","journal-title":"IEEE Trans. Dependable Secur. Comput."},{"key":"ref_15","doi-asserted-by":"crossref","first-page":"474","DOI":"10.1109\/TDSC.2024.3403920","article-title":"Towards Understanding and Defeating Abstract Resource Attacks for Container Platforms","volume":"22","author":"Shen","year":"2024","journal-title":"IEEE Trans. Dependable Secur. Comput."},{"key":"ref_16","doi-asserted-by":"crossref","first-page":"3497","DOI":"10.1109\/TCC.2023.3292378","article-title":"Proactive resource autoscaling scheme based on SCINet for high-performance cloud computing","volume":"11","author":"Jeong","year":"2023","journal-title":"IEEE Trans. Cloud Comput."},{"key":"ref_17","doi-asserted-by":"crossref","first-page":"100544","DOI":"10.1016\/j.cosrev.2023.100544","article-title":"A survey: When moving target defense meets game theory","volume":"48","author":"Tan","year":"2023","journal-title":"Comput. Sci. Rev."},{"key":"ref_18","doi-asserted-by":"crossref","first-page":"13384","DOI":"10.1109\/JIOT.2025.3533016","article-title":"Moving target defense meets artificial intelligence-driven network: A comprehensive survey","volume":"12","author":"Zhang","year":"2025","journal-title":"IEEE Internet Things J."},{"key":"ref_19","doi-asserted-by":"crossref","first-page":"5890","DOI":"10.1109\/TIFS.2023.3318964","article-title":"DOLOS: A novel architecture for moving target defense","volume":"18","author":"Pagnotta","year":"2023","journal-title":"IEEE Trans. Inf. 
Forensics Secur."},{"key":"ref_20","doi-asserted-by":"crossref","first-page":"5735","DOI":"10.1109\/TIFS.2023.3314219","article-title":"How to disturb network reconnaissance: A moving target defense approach based on deep reinforcement learning","volume":"18","author":"Zhang","year":"2023","journal-title":"IEEE Trans. Inf. Forensics Secur."},{"key":"ref_21","unstructured":"(2025, December 10). Github\u2014SEU-ProactiveSecurity-Group\/ScaleShield. Available online: https:\/\/github.com\/SEU-ProactiveSecurity-Group\/ScaleShield."},{"key":"ref_22","doi-asserted-by":"crossref","first-page":"2543","DOI":"10.1109\/COMST.2024.3488580","article-title":"Online network dos\/ddos detection: Sampling, change point detection, and machine learning methods","volume":"27","author":"Owusu","year":"2024","journal-title":"IEEE Commun. Surv. Tutor."},{"key":"ref_23","doi-asserted-by":"crossref","first-page":"13098","DOI":"10.1038\/s41598-024-84879-y","article-title":"Distributed denial-of-service (DDOS) attack detection using supervised machine learning algorithms","volume":"15","author":"Abiramasundari","year":"2025","journal-title":"Sci. Rep."},{"key":"ref_24","doi-asserted-by":"crossref","first-page":"172980","DOI":"10.1109\/ACCESS.2024.3501192","article-title":"Flexible and Lightweight Mitigation Framework for Distributed Denial-of-Service Attacks in Container-Based Edge Networks Using Kubernetes","volume":"12","author":"Koksal","year":"2024","journal-title":"IEEE Access"},{"key":"ref_25","doi-asserted-by":"crossref","first-page":"59","DOI":"10.63180\/jsrm.thestap.2025.1.3","article-title":"Responsive Machine Learning Framework and Lightweight Utensil of Prevention of Evasion Attacks in the IoT-Based IDS","volume":"2025","author":"Laila","year":"2025","journal-title":"STAP J. Secur. 
Risk Manag."},{"key":"ref_26","doi-asserted-by":"crossref","first-page":"103716","DOI":"10.1016\/j.cose.2024.103716","article-title":"Cyber-secure SDN: A CNN-based approach for efficient detection and mitigation of DDoS attacks","volume":"139","author":"Najar","year":"2024","journal-title":"Comput. Secur."},{"key":"ref_27","doi-asserted-by":"crossref","first-page":"4271","DOI":"10.1109\/TDSC.2023.3349180","article-title":"Effective DDoS mitigation via ML-driven in-network traffic shaping","volume":"21","author":"Zhao","year":"2024","journal-title":"IEEE Trans. Dependable Secur. Comput."},{"key":"ref_28","doi-asserted-by":"crossref","first-page":"100692","DOI":"10.1016\/j.cosrev.2024.100692","article-title":"A comprehensive review on Software-Defined Networking (SDN) and DDoS attacks: Ecosystem, taxonomy, traffic engineering, challenges and research directions","volume":"55","author":"Kaur","year":"2025","journal-title":"Comput. Sci. Rev."},{"key":"ref_29","doi-asserted-by":"crossref","first-page":"1081","DOI":"10.1109\/TIFS.2024.3516560","article-title":"Reducing Internal Collateral Damage from Distributed Denial of Service (DDoS) Attacks through Micro-Service Cloud Architecture","volume":"20","author":"Kumar","year":"2024","journal-title":"IEEE Trans. Inf. Forensics Secur."},{"key":"ref_30","unstructured":"Qiu, H., Mao, W., Wang, C., Franke, H., Youssef, A., Kalbarczyk, Z.T., Ba\u015far, T., and Iyer, R.K. (2023, January 10\u201312). {AWARE}: Automate workload autoscaling with reinforcement learning in production cloud systems. Proceedings of the 2023 USENIX Annual Technical Conference (USENIX ATC 23), Boston, MA, USA."},{"key":"ref_31","doi-asserted-by":"crossref","first-page":"804","DOI":"10.1109\/TSC.2024.3354062","article-title":"Autoscaling solutions for cloud applications under dynamic workloads","volume":"17","author":"Quattrocchi","year":"2024","journal-title":"IEEE Trans. Serv. 
Comput."},{"key":"ref_32","doi-asserted-by":"crossref","first-page":"102629","DOI":"10.1016\/j.jnca.2020.102629","article-title":"Application deployment using containers with auto-scaling for microservices in cloud environment","volume":"160","author":"Srirama","year":"2020","journal-title":"J. Netw. Comput. Appl."},{"key":"ref_33","doi-asserted-by":"crossref","unstructured":"Nguyen, T.T., Yeom, Y.J., Kim, T., Park, D.H., and Kim, S. (2020). Horizontal pod autoscaling in kubernetes for elastic container orchestration. Sensors, 20.","DOI":"10.3390\/s20164621"},{"key":"ref_34","doi-asserted-by":"crossref","first-page":"3961","DOI":"10.1109\/TNET.2024.3400953","article-title":"Deepscaling: Autoscaling microservices with stable cpu utilization for large scale production cloud systems","volume":"32","author":"Wang","year":"2024","journal-title":"IEEE\/ACM Trans. Netw."},{"key":"ref_35","doi-asserted-by":"crossref","first-page":"5366","DOI":"10.1109\/TIFS.2021.3127009","article-title":"An SDN-enabled proactive defense framework for DDoS mitigation in IoT networks","volume":"16","author":"Zhou","year":"2021","journal-title":"IEEE Trans. Inf. Forensics Secur."},{"key":"ref_36","doi-asserted-by":"crossref","first-page":"2734","DOI":"10.1109\/TII.2021.3090719","article-title":"Toward proactive and efficient DDoS mitigation in IIoT systems: A moving target defense approach","volume":"18","author":"Zhou","year":"2022","journal-title":"IEEE Trans. Ind. Inform."},{"key":"ref_37","doi-asserted-by":"crossref","unstructured":"Zhang, Q., Cho, J.H., Moore, T.J., Kim, D.D., Lim, H., and Nelson, F. (2023, January 19\u201322). Evade: Efficient moving target defense for autonomous network topology shuffling using deep reinforcement learning. 
Proceedings of the International Conference on Applied Cryptography and Network Security, Kyoto, Japan.","DOI":"10.1007\/978-3-031-33488-7_21"},{"key":"ref_38","doi-asserted-by":"crossref","first-page":"168","DOI":"10.1109\/TNSM.2024.3413685","article-title":"Resource-efficient low-rate DDoS mitigation with moving target defense in edge clouds","volume":"22","author":"Zhou","year":"2024","journal-title":"IEEE Trans. Netw. Serv. Manag."},{"key":"ref_39","doi-asserted-by":"crossref","unstructured":"Yan, L., Zhou, Z., Yang, S., and Xu, C. (2024, January 8\u201312). Device-Cloud Collaborative DDoS Resistance for QoS-Sensitive Mobile Applications: A Seamlessly Shuffle-based Moving Target Defense Approach. Proceedings of the GLOBECOM 2024\u20142024 IEEE Global Communications Conference, Cape Town, South Africa.","DOI":"10.1109\/GLOBECOM52923.2024.10901635"},{"key":"ref_40","doi-asserted-by":"crossref","first-page":"103685","DOI":"10.1016\/j.cose.2023.103685","article-title":"Proactive defense mechanism: Enhancing IoT security through diversity-based moving target defense and cyber deception","volume":"139","author":"Rehman","year":"2024","journal-title":"Comput. Secur."},{"key":"ref_41","doi-asserted-by":"crossref","unstructured":"Yoon, H.J., Soon, D., Moore, T.J., Yoon, S., Lim, H., Kim, D., Nelson, F.F., and Cho, J.H. (November, January 28). Intrusion Response System for In-Vehicle Networks: Uncertainty-Aware Deep Reinforcement Learning-based Approach. Proceedings of the MILCOM 2024\u20142024 IEEE Military Communications Conference (MILCOM), Washington, DC, USA.","DOI":"10.1109\/MILCOM61039.2024.10773966"},{"key":"ref_42","doi-asserted-by":"crossref","unstructured":"Srinivasa Rao, P.S.V., Bhadula, S., R, B., Suryawanshi, P.B., Kumar Yadav, A., and Vekariya, D. (2024, January 28\u201330). Adaptive Traffic Management in Smart Cities using Deep Reinforcement Learning for IoT Mobile Ad Hoc Networks. 
Proceedings of the 2024 Second International Conference on Intelligent Cyber Physical Systems and Internet of Things (ICoICI), Coimbatore, India.","DOI":"10.1109\/ICoICI62503.2024.10696734"},{"key":"ref_43","doi-asserted-by":"crossref","first-page":"9591","DOI":"10.1109\/TVT.2024.3367657","article-title":"DRL-Based resource allocation game with influence of review information for vehicular edge computing systems","volume":"73","author":"Zhang","year":"2024","journal-title":"IEEE Trans. Veh. Technol."},{"key":"ref_44","first-page":"1","article-title":"A review of symbolic, subsymbolic and hybrid methods for sequential decision making","volume":"56","author":"Mesejo","year":"2024","journal-title":"ACM Comput. Surv."},{"key":"ref_45","doi-asserted-by":"crossref","unstructured":"Tellache, A., Mokhtari, A., Korba, A.A., and Ghamri-Doudane, Y. (2024, January 6\u201310). Multi-agent reinforcement learning-based network intrusion detection system. Proceedings of the NOMS 2024\u20142024 IEEE Network Operations and Management Symposium, Seoul, Republic of Korea.","DOI":"10.1109\/NOMS59830.2024.10575541"},{"key":"ref_46","doi-asserted-by":"crossref","first-page":"124606","DOI":"10.1016\/j.eswa.2024.124606","article-title":"Designing a resilient cloud network fulfilled by reinforcement learning","volume":"255","author":"Shahab","year":"2024","journal-title":"Expert Syst. Appl."},{"key":"ref_47","doi-asserted-by":"crossref","first-page":"968","DOI":"10.1109\/TPDS.2023.3236447","article-title":"\u03bcBench: An open-source factory of benchmark microservice applications","volume":"34","author":"Detti","year":"2023","journal-title":"IEEE Trans. Parallel Distrib. Syst."},{"key":"ref_48","doi-asserted-by":"crossref","unstructured":"Gan, Y., Zhang, Y., Cheng, D., Shetty, A., Rathi, P., Katarki, N., Bruno, A., Hu, J., Ritchken, B., and Jackson, B. (2019, January 13\u201319). 
An open-source benchmark suite for microservices and their hardware-software implications for cloud & edge systems. Proceedings of the Twenty-Fourth International Conference on Architectural Support for Programming Languages and Operating Systems, Providence, RI, USA.","DOI":"10.1145\/3297858.3304013"},{"key":"ref_49","unstructured":"(2025, December 10). Famous DDoS Attacks|Biggest DDoS Attacks|Cloudflare. Available online: https:\/\/www.cloudflare.com\/learning\/ddos\/famous-ddos-attacks."},{"key":"ref_50","doi-asserted-by":"crossref","unstructured":"Li, Y., Li, Y., Wang, G., and Hu, H. (2025). An Adaptive Dynamic Defense Strategy for Microservices Based on Deep Reinforcement Learning. Electronics, 14.","DOI":"10.3390\/electronics14204096"}],"container-title":["Future Internet"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/1999-5903\/17\/12\/580\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,12,20]],"date-time":"2025-12-20T05:12:04Z","timestamp":1766207524000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/1999-5903\/17\/12\/580"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,12,16]]},"references-count":50,"journal-issue":{"issue":"12","published-online":{"date-parts":[[2025,12]]}},"alternative-id":["fi17120580"],"URL":"https:\/\/doi.org\/10.3390\/fi17120580","relation":{},"ISSN":["1999-5903"],"issn-type":[{"type":"electronic","value":"1999-5903"}],"subject":[],"published":{"date-parts":[[2025,12,16]]}}}