Automatic Adjustment of HPA Parameters and Attack Prevention in Kubernetes Using Random Forests

TL;DR

This paper presents a machine learning-based method using Random Forests to dynamically adjust Kubernetes HPA parameters for attack mitigation, reducing attack impact and preventing HPA over-expansion.

Contribution

It introduces a novel approach integrating Random Forest classification with HPA to detect attacks and automatically adjust scaling parameters in Kubernetes.

Findings

Effective attack detection and response using Random Forests.

Reduced 5XX error codes during attack scenarios.

Proper threshold settings are crucial for optimal HPA adjustments.

Abstract

In this paper, HTTP status codes are used as custom metrics within the HPA as the experimental scenario. By integrating the Random Forest classification algorithm from machine learning, attacks are assessed and predicted, dynamically adjusting the maximum pod parameter in the HPA to manage attack traffic. This approach enables the adjustment of HPA parameters using machine learning scripts in targeted attack scenarios while effectively managing attack traffic. All access from attacking IPs is redirected to honeypot pods, achieving a lower incidence of 5XX status codes through HPA pod adjustments under high load conditions. This method also ensures effective isolation of attack traffic, preventing excessive HPA expansion due to attacks. Additionally, experiments conducted under various conditions demonstrate the importance of setting appropriate thresholds for HPA adjustments.