Abstract: The Domain Name System (DNS), whose major function is to manage associations between domain names and IP addresses, plays a major role in managing the Internet. Thus, a DNS impairment would significantly impact society. A major cause of DNS impairment is a Distributed Denial of Service (DDoS) attack on authoritative DNS servers. Our study focuses on the recently emerging DDoS attack known as the DNS Water Torture Attack. This attack causes open resolvers, which are improperly configured cache DNS servers that accept requests from both LAN and WAN, to send many queries to resolve domains managed by target servers. The domain names sent for resolution in this attack include varying random subdomains. Cache servers will certainly not have cached data for these queries, and so a huge volume of queries converges on the target authoritative servers via cache servers. In this paper, we propose a detection method for this attack using the Naive Bayes Classifier. Experimental results show that our method is capable of detecting this attack with a 95.59% detection rate. Moreover, the results of performance simulation show that our method is fast enough to process more than 2.3 Gbps of traffic on the fly.
Abstract: Water torture attacks are a recently emerging type of Distributed Denial-of-Service (DDoS) attack on Domain Name System (DNS) servers. They generate a multitude of malicious queries with randomized, unique subdomains. This paper proposes a detection method and a filtering system for water torture attacks. The former is an enhancement of our previous effort so as to achieve packet-by-packet, on-the-fly processing, and the latter is an application of our current method mainly for defending recursive servers. Our proposed method detects malicious queries by analyzing their subdomains with a naïve Bayes classifier. Considering large-scale applications, we focus on achieving high throughput as well as high accuracy. Experimental results indicate that our method can detect attacks with 98.16% accuracy and only a 1.55% false positive rate, and that our system can process up to 7.44 Mpps of traffic.
The Internet currently provides a multitude of services, which have become essential for everyday life such as disclosure of company information, online services, and e-commerce. Therefore, interruptions to these services greatly inconvenience the public. A denial of service (DoS) attack affects regular users' access to a network resource. DoS tools usually include a function for monitoring the status of the targeted server that allows the attacker to confirm the effectiveness of the current attack and the defense activities of the server, and thus plan further attacks. By observing the effectiveness of the current attack, the attacker can adjust the attack intensity to match the server's status. Depending on the defense response, the perpetrator can judge whether their attack is being mitigated using certain techniques. If the attacker observes a defensive response to the attack, the attacker can respond by changing the attack method, abandoning the attack, or targeting a more vulnerable server. We propose a method that allows the server to maintain its service to users relatively unaffected by the attacks, responds optimally to each attacker, and impedes the attacker's ability to detect defensive responses. In this paper, we implement our proposed method and evaluate the effectiveness of the system.