Detection of Denial of Service Attacks against Domain Name System Using Machine Learning Classifiers

 Abstract—Domain Name System (DNS) provides name to address mapping services for the entire chain of Internet connectivity. Hackers exploit this fact to damage different parts of the Internet. In this paper we clarify possible Denial of Service (DoS) threats against DNS. An Intrusion Detection System (IDS) is introduced is the system to detect and classify different types of DoS attacks against DNS. This system consists of a statistical preprocessor and a machine learning (ML) engine. Three different types of neural network classifiers and support vector machines are evaluated in a simulated network. The results show that a backpropagation neural network engine outperforms other types of classifiers with 99% accuracy.

[1]  Nikolaos Chatzis Motivation for Behaviour-Based DNS Security: A Taxonomy of DNS-Related Internet Threats , 2007, The International Conference on Emerging Security Information, Systems, and Technologies (SECUREWARE 2007).

[2]  Sonia Fahmy,et al.  Towards user-centric metrics for denial-of-service measurement , 2007, ExpCS '07.

[3]  Simon Haykin,et al.  Neural Networks: A Comprehensive Foundation , 1998 .

[4]  Bin Li,et al.  Tracking Anomalous Behaviors of Name Servers by Mining DNS Traffic , 2006, ISPA Workshops.

[5]  S. Gritzalis,et al.  A Fair Solution to DNS Amplification Attacks , 2007, Second International Workshop on Digital Forensics and Incident Analysis (WDFIA 2007).

[6]  Alefiya Hussain,et al.  Effect of Malicious Traffic on the Network , 2003 .