DDoS Mitigation in Kubernetes: A Review of ExtendedBerkeley Packet Filtering and eXpress Data Path Technologies

Authors

Views: 750 Downloads: 630 DOI: https://doi.org/10.12962/j24068535.v23i2.a1268

Abstract

Kubernetes, as a widely adopted container orchestration platform, is increasingly targeted by sophisticated cyber threats, including Distributed Denial of Service (DDoS) attacks, which can severely compromise the stability, availability, and operational integrity of Kubernetes clusters by overwhelming the cluster’s control plane, disrupting pod scheduling, or saturating network resources. Emerging Linux kernel technologies, such as the Extended Berkeley Packet Filter (eBPF) and eXpress Data Path (XDP), offer innovative and efficient solutions to mitigate these challenges by enabling high-performance packet filtering, real-time traffic monitoring, and advanced intrusion detection directly within the kernel. These capabilities help reduce latency, enhance resource efficiency, and strengthen the security posture of modern cloud-native environments. This review explores advancements in network security by examining the integration of eBPF and XDP for defending Kubernetes environments against DDoS attacks. By analyzing existing studies and identifying their limitations, this review highlights the potential of these technologies to establish efficient, scalable, and adaptive mitigation frameworks. The insights gained from this research can guide the development of robust security policies tailored for modern containerized infrastructures.

Downloads

Download data is not yet available.

Author Biography

  • Mircea Ţălu, Technical University of Cluj-Napoca and SC ACCESA IT SYSTEMS SRL

    Mircea Țălu obtained his Bachelor’s degree in Computer Science from the Technical
    University of Cluj-Napoca, Romania, where he developed a robust foundation in computational
    theories, advanced algorithms, and cutting-edge software engineering principles. Currently, he is
    advancing his academic trajectory by pursuing a Master’s degree in Cybersecurity at the same
    institution, specializing in information security, cryptographic protocols, and secure
    communication architectures, focusing on enhancing the resilience of modern digital
    infrastructures. Professionally, Mircea Țălu holds the position of Software System Engineer at
    SC ACCESA IT SYSTEMS SRL, Cluj-Napoca, Romania, where he is actively involved in the
    research, development, and optimization of high-performance software solutions. His work
    focuses on designing and implementing scalable, efficient, and secure computing architectures,
    contributing to advancements in state-of-the-art digital technologies. His role encompasses the
    development of low-latency, high-throughput systems, security-enhanced software
    infrastructures, and performance-driven computational models, addressing complex challenges
    in modern digital systems. His primary research interests encompass a diverse range of cuttingedge
    topics, including WebAssembly, the Extended Berkeley Packet Filter (eBPF), eXpress
    Data Path (XDP), Edge Computing, the Internet of Things (IoT), Artificial Intelligence (AI),
    Blockchain Technology, Digital Forensics, AI-Driven Threat Intelligence, Cryptography, and
    Cybersecurity. His investigations focus on optimizing computational efficiency, fortifying cyber
    defense mechanisms, and pioneering secure and scalable architectures for modern digital
    systems. In addition to his academic and professional endeavors, Mircea Țălu holds the title of
    FIDE Master in chess, demonstrating exceptional analytical skills and strategic expertise on an
    international level. His achievements in chess further underscore his ability to approach complex
    problems with precision and creativity.

Downloads

Published

2025-07-08

Issue

Vol.23, No.2, July 2025

Section

Articles

License

Copyright (c) 2025 Mircea Ţălu

Creative Commons License

This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.

All papers should be submitted electronically. All submitted manuscripts must be original work that is not under submission at another journal or under consideration for publication in another form, such as a monograph or chapter of a book. Authors of submitted papers are obligated not to submit their paper for publication elsewhere until an editorial decision is rendered on their submission. Further, authors of accepted papers are prohibited from publishing the results in other publications that appear before the paper is published in JUTI unless they receive approval for doing so from the Editor-in-Chief.

JUTI open access articles are distributed under a Creative Commons Attribution-ShareAlike 4.0 International License. This license lets the audience to give appropriate credit, provide a link to the license, and indicate if changes were made and if they remix, transform, or build upon the material, they must distribute contributions under the same license as the original.

How to Cite

[1]
M. Ţălu, “DDoS Mitigation in Kubernetes: A Review of ExtendedBerkeley Packet Filtering and eXpress Data Path Technologies”, JUTI, vol. 23, no. 2, pp. 60–73, Jul. 2025, doi: 10.12962/j24068535.v23i2.a1268.