Open Access

ARTICLE

Preventing IP Spoofing in Kubernetes Using eBPF

Absar Hussain¹, Abdul Aziz¹, Hassan Jamil Syed²,*, Shoaib Raza¹

¹ FAST School of Computing, National University of Computer and Emerging Sciences, Karachi, 75030, Pakistan
² Asia Pacific University of Technology & Innovation (APU) Bukit Jalil, Kuala Lumpur, 57000, Malaysia

* Corresponding Author: Hassan Jamil Syed.

Computers, Materials & Continua 2025, 84(2), 3105-3124. https://doi.org/10.32604/cmc.2025.062628

Abstract

Kubernetes has become the dominant container orchestration platform, with widespread adoption across industries. However, its default pod-to-pod communication mechanism introduces security vulnerabilities, particularly IP spoofing attacks. Attackers can exploit this weakness to impersonate legitimate pods, enabling unauthorized access, lateral movement, and large-scale Distributed Denial of Service (DDoS) attacks. Existing security mechanisms such as network policies and intrusion detection systems introduce latency and performance overhead, making them less effective in dynamic Kubernetes environments. This research presents PodCA, an eBPF-based security framework designed to detect and prevent IP spoofing in real time while minimizing performance impact. PodCA integrates with Kubernetes’ Container Network Interface (CNI) and uses eBPF to monitor and validate packet metadata at the kernel level. It maintains a container network mapping table that tracks pod IP assignments, validates packet legitimacy before forwarding, and ensures network integrity. If an attack is detected, PodCA automatically blocks spoofed packets and, in cases of repeated attempts, terminates compromised pods to prevent further exploitation. Experimental evaluation on an AWS Kubernetes cluster demonstrates that PodCA detects and prevents spoofed packets with 100% accuracy. Additionally, resource consumption analysis reveals minimal overhead, with a CPU increase of only 2–3% per node and memory usage rising by 40–60 MB. These results highlight the effectiveness of eBPF in securing Kubernetes environments with low overhead, making it a scalable and efficient security solution for containerized applications.
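
The validation flow described in the abstract, as an added userspace C model (it is not PodCA's code or the authors' eBPF program): a mapping table binds each pod's host-side interface to its assigned IP, every packet's source IP is checked against that binding, and repeated violations escalate from dropping to terminating the pod. Keying the table by interface index, the row layout, the function names and the three-strike limit are assumptions; the abstract specifies none of them.

```c
#include <stdint.h>
#include <stddef.h>

#define MAX_PODS 8
#define STRIKE_LIMIT 3  /* assumed threshold; the abstract gives no number */

enum verdict { PASS, DROP, DROP_AND_TERMINATE };

/* One row of the container network mapping table (layout assumed). */
struct pod_entry {
    uint32_t ifindex;   /* host-side veth the pod is attached to */
    uint32_t pod_ip;    /* IP the CNI assigned to that pod */
    uint32_t strikes;   /* spoofed packets seen so far */
};

static struct pod_entry table[MAX_PODS];
static size_t table_len;

/* Called when the CNI assigns an IP; replaces a stale row for a reused veth. */
int map_update(uint32_t ifindex, uint32_t pod_ip)
{
    for (size_t i = 0; i < table_len; i++)
        if (table[i].ifindex == ifindex) {
            table[i].pod_ip = pod_ip;
            table[i].strikes = 0;
            return 0;
        }
    if (table_len == MAX_PODS)
        return -1;
    table[table_len++] = (struct pod_entry){ ifindex, pod_ip, 0 };
    return 0;
}

/* Per-packet check: source IP must match the IP bound to the ingress veth. */
enum verdict check_packet(uint32_t ifindex, uint32_t src_ip)
{
    for (size_t i = 0; i < table_len; i++) {
        if (table[i].ifindex != ifindex)
            continue;
        if (table[i].pod_ip == src_ip)
            return PASS;
        if (++table[i].strikes >= STRIKE_LIMIT)
            return DROP_AND_TERMINATE;
        return DROP;
    }
    return DROP; /* unknown interface: fail closed */
}
/* Constructed sample: veth 7 owns 10.0.0.5; exit status 0 means it passed. */
int main(void) { map_update(7, 0x0A000005); return check_packet(7, 0x0A000005) != PASS; }
```

Because the lookup is keyed on the ingress interface rather than on the claimed address, a pod that sends with another pod's valid IP is still rejected, and a veth reused by a new pod starts with a clean strike count.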

Keywords

CNCF; eBPF; pods; spoofing; IP; DDoS; container orchestration; packets; EKS; CNI; CNM; VM




Copyright © 2025 The Author(s). Published by Tech Science Press.
This work is licensed under a Creative Commons Attribution 4.0 International License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.