IET Networks (Sep 2022)

An enhanced mechanism for detection of Domain Name System‐based distributed reflection denial of service attacks depending on modified metaheuristic algorithms and adaptive thresholding techniques

  • Selvakumar Manickam,
  • Riyadh Rahef Nuiaa,
  • Ali Hakem Alsaeedi,
  • Zaid Abdi Alkareem Alyasseri,
  • Mazin Abed Mohammed,
  • Mustafa Musa Jaber

DOI
https://doi.org/10.1049/ntw2.12043
Journal volume & issue
Vol. 11, no. 5
pp. 169 – 181

Abstract

Read online

Abstract The rapid growth of the number of devices connected to the Internet and the increasing demand for electronic services have led to a huge growth in the number of cyberattacks targeting cyberspace and the development of their methodology. Therefore, there must be mechanisms, laws, and rules regulating the work of these applications and protecting them from electronic attacks. The Domain Name System (DNS) has several vulnerabilities that can be exploited by cyber attackers to launch their attacks, and the most important one of these vulnerabilities is that the response size is always greater than the size of the request. According to reports published by numerous security companies, distributed reflection denial of service (DRDoS) attacks against DNS are regarded as one of the most hazardous and rapidly spreading threats in recent years. An enhanced mechanism that is able to detect DNS‐based DRDoS attacks that exploit the DNS responses to launch their attacks is proposed. The proposed mechanism was designed based on modified metaheuristic optimization algorithms and an adaptive threshold. This mechanism consists of two models and four stages. The first model is called ‘Proactive Feature Selection,’ and the second model is called ‘Evolving Dynamic Fuzzy Clustering.’ The four stages of the proposed mechanism are: the preprocessing stage, feature selection stage, detection stage, and enhancement stage. The new mechanism has been implemented on the CICDDoS2019 standard dataset and achieves a detection accuracy of 95.44% with a false‐positive rate of 0.22%. The results show that the new mechanism is better than others depending on the detection accuracy and false positives.

Keywords