Preventing DNS amplification attacks using the history of DNS queries with SDN

Soyoung Kim; Sora Lee; Geumhwan Cho; Muhammad Ejaz Ahmed; Jaehoon Paul Jeong; Hyoungshick Kim

doi:10.1007/978-3-319-66399-9_8

Preventing DNS amplification attacks using the history of DNS queries with SDN

Soyoung Kim
, Sora Lee
, Geumhwan Cho
, Muhammad Ejaz Ahmed
, Jaehoon Paul Jeong
, Hyoungshick Kim

Sungkyunkwan University

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

28 Scopus citations

Abstract

Domain Name System (DNS) amplification attack is a sophisticated Distributed Denial of Service (DDoS) attack by sending a huge volume of DNS name lookup requests to open DNS servers with the source address spoofed as a victim host. However, from the point of view of an individual network resource such as DNS server and switch, it is not easy to mitigate such attacks because a distributed attack could be performed with multiple DNS servers and/or switches. To overcome this limitation, we propose a novel security framework using Software-Defined Networking (SDN) to store the history of DNS queries as an evidence to distinguish normal DNS responses from attack packets. Our evaluation results demonstrate that the network traffic for DNS amplification attack can completely be blocked under various network conditions without incurring a significant communication overhead.

Original language	English
Title of host publication	Computer Security – ESORICS 2017 - 22nd European Symposium on Research in Computer Security, Proceedings
Editors	Simon N. Foley, Dieter Gollmann, Einar Snekkenes
Publisher	Springer Verlag
Pages	135-152
Number of pages	18
ISBN (Print)	9783319663982
DOIs	https://doi.org/10.1007/978-3-319-66399-9_8
State	Published - 2017
Event	22nd European Symposium on Research in Computer Security, ESORICS 2017 - Oslo, Norway Duration: 11 Sep 2017 → 15 Sep 2017

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	10493 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	22nd European Symposium on Research in Computer Security, ESORICS 2017
Country/Territory	Norway
City	Oslo
Period	11/09/17 → 15/09/17

Keywords

Distributed Denial of Service (DDoS)
DNS amplification attack
Domain Name System (DNS)
Software-Defined Networking (SDN)

Access to Document

10.1007/978-3-319-66399-9_8

Cite this

Kim, S., Lee, S., Cho, G., Ahmed, M. E., Jeong, J. P., & Kim, H. (2017). Preventing DNS amplification attacks using the history of DNS queries with SDN. In S. N. Foley, D. Gollmann, & E. Snekkenes (Eds.), Computer Security – ESORICS 2017 - 22nd European Symposium on Research in Computer Security, Proceedings (pp. 135-152). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 10493 LNCS). Springer Verlag. https://doi.org/10.1007/978-3-319-66399-9_8

Kim, Soyoung ; Lee, Sora ; Cho, Geumhwan et al. / Preventing DNS amplification attacks using the history of DNS queries with SDN. Computer Security – ESORICS 2017 - 22nd European Symposium on Research in Computer Security, Proceedings. editor / Simon N. Foley ; Dieter Gollmann ; Einar Snekkenes. Springer Verlag, 2017. pp. 135-152 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{89eb3b0f43824dd9a99308c5818184d2,

title = "Preventing DNS amplification attacks using the history of DNS queries with SDN",

abstract = "Domain Name System (DNS) amplification attack is a sophisticated Distributed Denial of Service (DDoS) attack by sending a huge volume of DNS name lookup requests to open DNS servers with the source address spoofed as a victim host. However, from the point of view of an individual network resource such as DNS server and switch, it is not easy to mitigate such attacks because a distributed attack could be performed with multiple DNS servers and/or switches. To overcome this limitation, we propose a novel security framework using Software-Defined Networking (SDN) to store the history of DNS queries as an evidence to distinguish normal DNS responses from attack packets. Our evaluation results demonstrate that the network traffic for DNS amplification attack can completely be blocked under various network conditions without incurring a significant communication overhead.",

keywords = "Distributed Denial of Service (DDoS), DNS amplification attack, Domain Name System (DNS), Software-Defined Networking (SDN)",

author = "Soyoung Kim and Sora Lee and Geumhwan Cho and Ahmed, \{Muhammad Ejaz\} and Jeong, \{Jaehoon Paul\} and Hyoungshick Kim",

note = "Publisher Copyright: {\textcopyright} 2017, Springer International Publishing AG.; 22nd European Symposium on Research in Computer Security, ESORICS 2017 ; Conference date: 11-09-2017 Through 15-09-2017",

year = "2017",

doi = "10.1007/978-3-319-66399-9\_8",

language = "English",

isbn = "9783319663982",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer Verlag",

pages = "135--152",

editor = "Foley, \{Simon N.\} and Dieter Gollmann and Einar Snekkenes",

booktitle = "Computer Security – ESORICS 2017 - 22nd European Symposium on Research in Computer Security, Proceedings",

}

Kim, S, Lee, S, Cho, G, Ahmed, ME, Jeong, JP & Kim, H 2017, Preventing DNS amplification attacks using the history of DNS queries with SDN. in SN Foley, D Gollmann & E Snekkenes (eds), Computer Security – ESORICS 2017 - 22nd European Symposium on Research in Computer Security, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 10493 LNCS, Springer Verlag, pp. 135-152, 22nd European Symposium on Research in Computer Security, ESORICS 2017, Oslo, Norway, 11/09/17. https://doi.org/10.1007/978-3-319-66399-9_8

Preventing DNS amplification attacks using the history of DNS queries with SDN. / Kim, Soyoung; Lee, Sora; Cho, Geumhwan et al.
Computer Security – ESORICS 2017 - 22nd European Symposium on Research in Computer Security, Proceedings. ed. / Simon N. Foley; Dieter Gollmann; Einar Snekkenes. Springer Verlag, 2017. p. 135-152 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 10493 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Preventing DNS amplification attacks using the history of DNS queries with SDN

AU - Kim, Soyoung

AU - Lee, Sora

AU - Cho, Geumhwan

AU - Ahmed, Muhammad Ejaz

AU - Jeong, Jaehoon Paul

AU - Kim, Hyoungshick

PY - 2017

Y1 - 2017

N2 - Domain Name System (DNS) amplification attack is a sophisticated Distributed Denial of Service (DDoS) attack by sending a huge volume of DNS name lookup requests to open DNS servers with the source address spoofed as a victim host. However, from the point of view of an individual network resource such as DNS server and switch, it is not easy to mitigate such attacks because a distributed attack could be performed with multiple DNS servers and/or switches. To overcome this limitation, we propose a novel security framework using Software-Defined Networking (SDN) to store the history of DNS queries as an evidence to distinguish normal DNS responses from attack packets. Our evaluation results demonstrate that the network traffic for DNS amplification attack can completely be blocked under various network conditions without incurring a significant communication overhead.

AB - Domain Name System (DNS) amplification attack is a sophisticated Distributed Denial of Service (DDoS) attack by sending a huge volume of DNS name lookup requests to open DNS servers with the source address spoofed as a victim host. However, from the point of view of an individual network resource such as DNS server and switch, it is not easy to mitigate such attacks because a distributed attack could be performed with multiple DNS servers and/or switches. To overcome this limitation, we propose a novel security framework using Software-Defined Networking (SDN) to store the history of DNS queries as an evidence to distinguish normal DNS responses from attack packets. Our evaluation results demonstrate that the network traffic for DNS amplification attack can completely be blocked under various network conditions without incurring a significant communication overhead.

KW - Distributed Denial of Service (DDoS)

KW - DNS amplification attack

KW - Domain Name System (DNS)

KW - Software-Defined Networking (SDN)

UR - https://www.scopus.com/pages/publications/85029479554

U2 - 10.1007/978-3-319-66399-9_8

DO - 10.1007/978-3-319-66399-9_8

M3 - Conference contribution

AN - SCOPUS:85029479554

SN - 9783319663982

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 135

EP - 152

BT - Computer Security – ESORICS 2017 - 22nd European Symposium on Research in Computer Security, Proceedings

A2 - Foley, Simon N.

A2 - Gollmann, Dieter

A2 - Snekkenes, Einar

PB - Springer Verlag

T2 - 22nd European Symposium on Research in Computer Security, ESORICS 2017

Y2 - 11 September 2017 through 15 September 2017

ER -

Kim S, Lee S, Cho G, Ahmed ME, Jeong JP , Kim H. Preventing DNS amplification attacks using the history of DNS queries with SDN. In Foley SN, Gollmann D, Snekkenes E, editors, Computer Security – ESORICS 2017 - 22nd European Symposium on Research in Computer Security, Proceedings. Springer Verlag. 2017. p. 135-152. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-319-66399-9_8

Preventing DNS amplification attacks using the history of DNS queries with SDN

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this