IEEE Access (Jan 2025)
CADA: A Flexible and Elastic DDoS Mitigation Architecture
Abstract
Traditional hardware-based DDoS mitigation frameworks are too rigid to handle complex and varied DDoS attacks. To address this, we introduce the Cloud-native Anti-DDoS Architecture (CADA), which is designed to ensure flexibility and elasticity while enhancing the efficiency of DDoS attack mitigation. CADA leverages software-driven concepts to abstract traditional hardware-based DDoS mitigation functions into capabilities. By utilizing an overlay network, CADA integrates capabilities into service chains based on user requests to formulate tailored DDoS mitigation strategies. These service chains are deployed on a cloud-native network, thereby overcoming the constraints of physical hardware. The selection of deployment strategies affects the efficiency of CADA’s DDoS mitigation. Therefore, we propose a genetic algorithm-based quantitative deployment algorithm that generates deployment strategies for each service chain through a fitness function that quantifies response time and resource utilization. Experimental results demonstrate that CADA significantly improves acceptance rates, reduces response times, and enhances the resource-time product compared to traditional hardware-based DDoS mitigation frameworks.
Keywords