TY - EJOU AU - Hussain, Absar AU - Aziz, Abdul AU - Syed, Hassan Jamil AU - Raza, Shoaib TI - Preventing IP Spoofing in Kubernetes Using eBPF T2 - Computers, Materials \& Continua PY - 2025 VL - 84 IS - 2 SN - 1546-2226 AB - Kubernetes has become the dominant container orchestration platform, with widespread adoption across industries. However, its default pod-to-pod communication mechanism introduces security vulnerabilities, particularly IP spoofing attacks. Attackers can exploit this weakness to impersonate legitimate pods, enabling unauthorized access, lateral movement, and large-scale Distributed Denial of Service (DDoS) attacks. Existing security mechanisms such as network policies and intrusion detection systems introduce latency and performance overhead, making them less effective in dynamic Kubernetes environments. This research presents PodCA, an eBPF-based security framework designed to detect and prevent IP spoofing in real time while minimizing performance impact. PodCA integrates with Kubernetes’ Container Network Interface (CNI) and uses eBPF to monitor and validate packet metadata at the kernel level. It maintains a container network mapping table that tracks pod IP assignments, validates packet legitimacy before forwarding, and ensures network integrity. If an attack is detected, PodCA automatically blocks spoofed packets and, in cases of repeated attempts, terminates compromised pods to prevent further exploitation. Experimental evaluation on an AWS Kubernetes cluster demonstrates that PodCA detects and prevents spoofed packets with 100% accuracy. Additionally, resource consumption analysis reveals minimal overhead, with a CPU increase of only 2–3% per node and memory usage rising by 40–60 MB. These results highlight the effectiveness of eBPF in securing Kubernetes environments with low overhead, making it a scalable and efficient security solution for containerized applications. KW - CNCF; eBPF; pods; spoofing; IP; DDoS; container orchestration; packets; EKS; CNI; CNM; VM DO - 10.32604/cmc.2025.062628