Enhancing the Performance of Detect DRDoS DNS Attacks Based on the Machine Learning and Proactive Feature Selection (PFS) Model

The Domain Name System (DNS), which converts domain names to IP addresses, is a critical component of the internet infrastructure. Attackers exploit existing potential vulnerabilities in this network protocol to launch their attacks. Distributed Reflection Denial of Service (DRDoS) DNS attacks are a type of Distributed Denial of Service (DDoS) attack that uses DNS vulnerabilities. These attacks can rapidly deplete the computational and bandwidth resources of the targeted victim system. As attack methods have advanced, both quantitatively and qualitatively, traditional methods used to detect DNS threats, particularly DRDoS attacks, have become ineffective. Therefore, this paper proposes a new model, called the proactive feature selection (PFS) model, for early detection of DRDoS attacks based on DNS responses. The PFS model is divided into two stages: a feature selection stage and a DRDoS attack detection stage. The PFS model was validated using the standard CICDDoS2019 dataset. The results show that the PFS model achieves a high accuracy of 91.4368% and a very low false positive rate (FPR) while reducing the number of features from 88 to 19 in the standard CICDDoS2019 dataset.
