Preventing DNS misuse for Reflection/Amplification attacks with minimal computational overhead on the Internet
DNS reflection/amplification attacks are types of Distributed Denial of Service (DDoS) attacks that take advantage of vulnerabilities in the Domain Name System (DNS) and use it as an attacking tool. This type of attack can quickly deplete the resources (i.e. computational and bandwidth) of the targe...
Saved in:
| Main Authors: | , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
Sulaimani Polytechnic University
2020-12-01
|
| Series: | Kurdistan Journal of Applied Research |
| Subjects: | |
| Online Access: | https://kjar.spu.edu.iq/index.php/kjar/article/view/559 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1823861345602240512 |
|---|---|
| author | Rebeen Rebwar Hama Amin Dana Hassan Masnida Hussin |
| author_facet | Rebeen Rebwar Hama Amin Dana Hassan Masnida Hussin |
| author_sort | Rebeen Rebwar Hama Amin |
| collection | DOAJ |
| description | DNS reflection/amplification attacks are types of Distributed Denial of Service (DDoS) attacks that take advantage of vulnerabilities in the Domain Name System (DNS) and use it as an attacking tool. This type of attack can quickly deplete the resources (i.e. computational and bandwidth) of the targeted system. Many defense mechanisms are proposed to mitigate the impact of this type of attack. However, these defense mechanisms are centralized-based and cannot deal with a distributed-based attack. Also, these defense mechanisms have a single point of deployment which leads to a lack of computational resources to handle an attack with a large magnitude. In this work, we presented a new distributed-based defense mechanism (DDM) to counter reflection/ amplification attacks. While operating, we calculated the CPU counters of the machines that we deployed our defense mechanism with which showed 19.9% computational improvement. On top of that, our defense mechanism showed that it can protect the attack path from exhaustion during reflection/amplification attacks without putting any significant traffic load on the network by eliminating every spoofed request from getting responses.
|
| format | Article |
| id | doaj-art-7e269462c1fd400490463ac993e48813 |
| institution | Kabale University |
| issn | 2411-7684 2411-7706 |
| language | English |
| publishDate | 2020-12-01 |
| publisher | Sulaimani Polytechnic University |
| record_format | Article |
| series | Kurdistan Journal of Applied Research |
| spelling | doaj-art-7e269462c1fd400490463ac993e488132025-02-09T21:00:05ZengSulaimani Polytechnic UniversityKurdistan Journal of Applied Research2411-76842411-77062020-12-015210.24017/science.2020.2.6Preventing DNS misuse for Reflection/Amplification attacks with minimal computational overhead on the InternetRebeen Rebwar Hama Amin0https://orcid.org/0000-0002-9847-5543Dana Hassan1https://orcid.org/0000-0002-7664-799XMasnida Hussin2Network Department, Computer Science Institute, Sulaimani Polytechnic University, Sulaimani, IraqComputer Science Department, College of Science, University of Garmian, Sulaimani, IraqDepartment of Communication Technology and Network,Faculty of Computer Science and Information Technology, Universiti Putra Malaysia , Serdang, Selangor, MalaysiaDNS reflection/amplification attacks are types of Distributed Denial of Service (DDoS) attacks that take advantage of vulnerabilities in the Domain Name System (DNS) and use it as an attacking tool. This type of attack can quickly deplete the resources (i.e. computational and bandwidth) of the targeted system. Many defense mechanisms are proposed to mitigate the impact of this type of attack. However, these defense mechanisms are centralized-based and cannot deal with a distributed-based attack. Also, these defense mechanisms have a single point of deployment which leads to a lack of computational resources to handle an attack with a large magnitude. In this work, we presented a new distributed-based defense mechanism (DDM) to counter reflection/ amplification attacks. While operating, we calculated the CPU counters of the machines that we deployed our defense mechanism with which showed 19.9% computational improvement. On top of that, our defense mechanism showed that it can protect the attack path from exhaustion during reflection/amplification attacks without putting any significant traffic load on the network by eliminating every spoofed request from getting responses. https://kjar.spu.edu.iq/index.php/kjar/article/view/559DNS, DDM, Reflection/amplification, DDoS, Amplification Factor. |
| spellingShingle | Rebeen Rebwar Hama Amin Dana Hassan Masnida Hussin Preventing DNS misuse for Reflection/Amplification attacks with minimal computational overhead on the Internet Kurdistan Journal of Applied Research DNS, DDM, Reflection/amplification, DDoS, Amplification Factor. |
| title | Preventing DNS misuse for Reflection/Amplification attacks with minimal computational overhead on the Internet |
| title_full | Preventing DNS misuse for Reflection/Amplification attacks with minimal computational overhead on the Internet |
| title_fullStr | Preventing DNS misuse for Reflection/Amplification attacks with minimal computational overhead on the Internet |
| title_full_unstemmed | Preventing DNS misuse for Reflection/Amplification attacks with minimal computational overhead on the Internet |
| title_short | Preventing DNS misuse for Reflection/Amplification attacks with minimal computational overhead on the Internet |
| title_sort | preventing dns misuse for reflection amplification attacks with minimal computational overhead on the internet |
| topic | DNS, DDM, Reflection/amplification, DDoS, Amplification Factor. |
| url | https://kjar.spu.edu.iq/index.php/kjar/article/view/559 |
| work_keys_str_mv | AT rebeenrebwarhamaamin preventingdnsmisuseforreflectionamplificationattackswithminimalcomputationaloverheadontheinternet AT danahassan preventingdnsmisuseforreflectionamplificationattackswithminimalcomputationaloverheadontheinternet AT masnidahussin preventingdnsmisuseforreflectionamplificationattackswithminimalcomputationaloverheadontheinternet |