A Multi-Path Approach to Protect DNS Against DDoS Attacks

S. Alouneh
{"title":"A Multi-Path Approach to Protect DNS Against DDoS Attacks","authors":"S. Alouneh","doi":"10.13052/jcsm2245-1439.1246","DOIUrl":null,"url":null,"abstract":"Domain Name System (DNS) is considered a vital service for the internet and networks operations, and practically this service is configured and accessible across networks’ firewall. Therefore, attackers take advantage of this open configuration to attack a network’s DNS server in order to use it as a reflector to achieve Denial of Service (DoS) attacks. Most of protection methods such as intrusion prevention and detection systems use blended tactics such as blocked-lists for suspicious sources, and thresholds for traffic volumes to detect and defend against DoS flooding attacks. However, these protection methods are not often successful. In this paper, we propose a new method to sense and protect DNS systems from DoS and Distributed DoS (DDoS) attacks. The main idea in our approach is to distribute the DNS request mapping into more than one DNS resolver such that an attack on one server should not affect the entire DNS services. Our approach uses the Multi-Protocol Label Switching (MPLS) along with multi-path routing to achieve this goal. Also, we use threshold secret sharing to code the distributed DNS requests. Our findings and results show that this approach performs better when compared with the traditional DNS structure.","PeriodicalId":37820,"journal":{"name":"Journal of Cyber Security and Mobility","volume":"9 1","pages":"569-588"},"PeriodicalIF":0.0000,"publicationDate":"2023-06-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of Cyber Security and Mobility","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.13052/jcsm2245-1439.1246","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"Computer Science","Score":null,"Total":0}
引用次数: 0

Abstract

Domain Name System (DNS) is considered a vital service for the internet and networks operations, and practically this service is configured and accessible across networks’ firewall. Therefore, attackers take advantage of this open configuration to attack a network’s DNS server in order to use it as a reflector to achieve Denial of Service (DoS) attacks. Most of protection methods such as intrusion prevention and detection systems use blended tactics such as blocked-lists for suspicious sources, and thresholds for traffic volumes to detect and defend against DoS flooding attacks. However, these protection methods are not often successful. In this paper, we propose a new method to sense and protect DNS systems from DoS and Distributed DoS (DDoS) attacks. The main idea in our approach is to distribute the DNS request mapping into more than one DNS resolver such that an attack on one server should not affect the entire DNS services. Our approach uses the Multi-Protocol Label Switching (MPLS) along with multi-path routing to achieve this goal. Also, we use threshold secret sharing to code the distributed DNS requests. Our findings and results show that this approach performs better when compared with the traditional DNS structure.
查看原文
分享 分享
微信好友 朋友圈 QQ好友 复制链接
本刊更多论文
多路径防御DDoS攻击
域名系统(DNS)被认为是互联网和网络运营的重要服务,实际上,这项服务是通过网络防火墙配置和访问的。因此,攻击者利用这种开放配置攻击网络的DNS服务器,将其作为反射器来实现拒绝服务(DoS)攻击。大多数防御方法,如入侵防御和检测系统,使用混合策略,如可疑源的阻止列表和流量阈值来检测和防御DoS洪水攻击。然而,这些保护方法往往不成功。本文提出了一种检测和保护DNS系统免受DoS和分布式DoS (DDoS)攻击的新方法。我们方法的主要思想是将DNS请求映射分布到多个DNS解析器中,这样对一个服务器的攻击就不会影响整个DNS服务。我们的方法使用多协议标签交换(MPLS)和多路径路由来实现这一目标。此外,我们还使用阈值秘密共享对分布式DNS请求进行编码。我们的研究结果表明,与传统的DNS结构相比,这种方法的性能更好。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 去求助
来源期刊
Journal of Cyber Security and Mobility
Journal of Cyber Security and Mobility Computer Science-Computer Networks and Communications
CiteScore
2.30
自引率
0.00%
发文量
10
期刊介绍: Journal of Cyber Security and Mobility is an international, open-access, peer reviewed journal publishing original research, review/survey, and tutorial papers on all cyber security fields including information, computer & network security, cryptography, digital forensics etc. but also interdisciplinary articles that cover privacy, ethical, legal, economical aspects of cyber security or emerging solutions drawn from other branches of science, for example, nature-inspired. The journal aims at becoming an international source of innovation and an essential reading for IT security professionals around the world by providing an in-depth and holistic view on all security spectrum and solutions ranging from practical to theoretical. Its goal is to bring together researchers and practitioners dealing with the diverse fields of cybersecurity and to cover topics that are equally valuable for professionals as well as for those new in the field from all sectors industry, commerce and academia. This journal covers diverse security issues in cyber space and solutions thereof. As cyber space has moved towards the wireless/mobile world, issues in wireless/mobile communications and those involving mobility aspects will also be published.
期刊最新文献
Network Malware Detection Using Deep Learning Network Analysis An Efficient Intrusion Detection and Prevention System for DDOS Attack in WSN Using SS-LSACNN and TCSLR Update Algorithm of Secure Computer Database Based on Deep Belief Network Malware Cyber Threat Intelligence System for Internet of Things (IoT) Using Machine Learning Deep Learning Based Hybrid Analysis of Malware Detection and Classification: A Recent Review
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
已复制链接
已复制链接
快去分享给好友吧!
我知道了
×
扫码分享
扫码分享
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1