Toward Domain Name System privacy enhancement using intent‐based Moving Target Defense framework over software defined networks

Hyder, Muhammad Faraz; Ismail, Muhammad Ali

doi:10.1002/ett.4318

Cited by 4 publications

(4 citation statements)

References 42 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…For instance, data from several IoT devices installed in various rooms can be analyzed by smart rooms to reveal residents' daily routines and activities. It is currently unclear how to properly collect and manage data in such a situation while preserving user anonymity and privacy through encryption and storage methods 38 39 …”

Section: Content Deliverymentioning

confidence: 99%

Towards a software‐defined networking model for consumer‐centric content delivery network for IoT

Bhardwaj,

Harit,

Yadav

2023

Trans Emerging Tel Tech

View full text Add to dashboard Cite

Every entity must communicate seamlessly in an interconnected network. Personalised delivery of information in an open private network(s) among consumers should be transparent while maintaining privacy. In information‐centric content delivery networks (ICDN) or data‐centric content delivery networks (DCDN), data delivery relies heavily on sharing data with third‐party entities, resulting in a privacy breach. To overcome these challenges, this article proposes a novel communication model with a consumer‐centric content delivery network (CCDN) approach for an internet‐of‐things (IoT) network that deals in personalised information delivery with users' identity and location privacy. The article derives motivation from a use case‐based analysis of the proposed communication model (CCDN) by incorporating the latest technologies like software‐defined networks (SDN) and content delivery network (CDN) into IoT Networks to achieve a higher level of personalisation while maintaining user privacy. CCDN leverages SDN‐based CDN for IoT networks in the designed use case that strictly adheres to user‐defined preferences/demands. The article suggests an environment with a possible topology implementation and describes the elements that can help achieve it. The article investigates the need for personalisation and how it is contrary to maintaining user privacy. The article also contributes a survey of the underlying technologies while linking them to IoT.

show abstract

Section: Content Deliverymentioning

confidence: 99%

Towards a software‐defined networking model for consumer‐centric content delivery network for IoT

Bhardwaj,

Harit,

Yadav

2023

Trans Emerging Tel Tech

View full text Add to dashboard Cite

show abstract

“…In MTD, similar to IP address shuffling, port numbers might also be changed so that attacker will not be able to use his gathered information to continue with her attack since the port numbers will be dynamically changed [29]. Some implementations were designed specifically for some application protocols such as Domain Name System (DNS) [30] others were designed as a combination of IP and port changes to leverage security [29].…”

Section: Literature Reviewmentioning

confidence: 99%

A Comprehensive Architectural Framework of Moving Target Defenses Against DDoS Attacks

Amro

Salah

Moreb³

2023

JCSANDM

View full text Add to dashboard Cite

Distributed Denial-of-Service (DDoS) attacks are among the top toughest security threats in today’s cyberspace. The multitude, diversity, and variety of both the attacks and their countermeasures have the consequence that no optimal solutions exist. However, many mitigation techniques and strategies have been proposed among which is Moving Target Defense (MTD). MTD strategy keeps changing the system states and attack surface dynamically by continually applying various systems reconfigurations aiming at increasing the uncertainty and complexity for attackers. Current proposals of MTD fall into one of three strategies: shuffling, diversity, and redundancy, based on what to move? how to move? and when to move? Despite the existence of such strategies, a comprehensive Framework for MTD techniques against DDoS attacks that can be used for all types of DDoS attacks has not been proposed yet. In this paper, we propose a novel and comprehensive Framework of MTD techniques considering all stages, mechanisms, data sources, and criteria adopted by the research community, the Framework will apply to all DDoS attacks on different systems. To efficiently use our proposed model, a comprehensive taxonomy of MTD mitigation techniques and strategies is also provided and can be used as a reference guide for the best selection of the model’s parameters.

show abstract

“…Whether the client is a personal computer, intelligent terminal, or virtualized device, 2,3 the DNS cache is needed to accelerate the web access experience. [4][5][6][7] Due to the COVID-19 pandemic, Gartner notes that web clients are expected to reach 6.4 billion by 2022, a 3.2% increase from 2021. 8 Therefore, client-side caching requirements continue to rise.…”

Section: Introductionmentioning

confidence: 99%

“…The client Domain Name System (DNS) cache 1 is a local temporary database of all recently accessed domain names and addresses. Whether the client is a personal computer, intelligent terminal, or virtualized device, 2,3 the DNS cache is needed to accelerate the web access experience 4–7 . Due to the COVID‐19 pandemic, Gartner notes that web clients are expected to reach 6.4 billion by 2022, a 3.2% increase from 2021 8 .…”

Section: Introductionmentioning

confidence: 99%

An intelligent proactive defense against the client‐side DNS cache poisoning attack via self‐checking deep reinforcement learning

Yang

et al. 2022

Int J of Intelligent Sys

View full text Add to dashboard Cite

A new class of poisoning attacks has recently emerged targeting the client-side Domain Name System (DNS) cache. It allows users to visit fake websites unconsciously, thereby revealing their information, such as passwords. However, the current DNS defense architecture does not include DNS clients. Although relative encryption solutions can mitigate this attack, they require the cooperation of multiple parties, and the deployment speed is slow. Therefore, we propose an intelligent-driven proactive defense strategy. First, we model the offensive and defensive process as a stochastic game based on moving target defense. Second, we adopt and optimize Proximal PolicyOptimization (PPO), a deep reinforcement learning method, to solve problems caused by uncertain attack strategies and unknown state transition probability. Third, we design a self-checking component in PPO to solve the uncertainty of action space caused by game state constraints based on our previous work. Thus the convergence speed and stability of PPO are improved. Finally, to the best of our knowledge, we are the first to game with intelligent attackers besides three conventional ones. Our strategy does not require any

show abstract

Toward Domain Name System privacy enhancement using intent‐based Moving Target Defense framework over software defined networks

Cited by 4 publications

References 42 publications

Towards a software‐defined networking model for consumer‐centric content delivery network for IoT

Towards a software‐defined networking model for consumer‐centric content delivery network for IoT

A Comprehensive Architectural Framework of Moving Target Defenses Against DDoS Attacks

An intelligent proactive defense against the client‐side DNS cache poisoning attack via self‐checking deep reinforcement learning

Contact Info

Product

Resources

About