Kurdistan Journal of Applied Research (Dec 2020)
Preventing DNS misuse for Reflection/Amplification attacks with minimal computational overhead on the Internet
Abstract
DNS reflection/amplification attacks are a type of Distributed Denial of Service (DDoS) attack that exploits weaknesses in the Domain Name System (DNS) and uses it as an attacking tool. This type of attack can quickly deplete the resources (i.e. computational and bandwidth) of the targeted system. Many defense mechanisms have been proposed to mitigate the impact of this type of attack. However, these defense mechanisms are centralized and cannot deal with a distributed attack. Also, these defense mechanisms have a single point of deployment, which leads to a lack of computational resources to handle an attack of large magnitude. In this work, we present a new distributed defense mechanism (DDM) to counter reflection/amplification attacks. While it was operating, we measured the CPU counters of the machines on which we deployed our defense mechanism, which showed a 19.9% computational improvement. On top of that, our defense mechanism showed that it can protect the attack path from exhaustion during reflection/amplification attacks without putting any significant traffic load on the network, by preventing every spoofed request from receiving a response.
Keywords