A defense mechanism against the DNS amplification attack in SDN

As one of the most harmful DDoS (distributed denial of service) attacks, the DNS (domain name system) amplification attack is a major threat to today's networks. Researchers have done much work to defend against this kind of attack in traditional networks. The SDN (software defined network) architecture, as a clear indication of the future networking architecture, faces the same threat from DNS amplification attacks. In this paper, we propose a defense mechanism consisting of three phases. The mechanism can easily detect the attack, protect the victim quickly, then pinpoint all zombies and finally isolate them from the SDN network. Simulation results show that the proposed mechanism detects attacks accurately with low resource consumption, protects the victim with a quick response, and has little impact on the victim's normal DNS queries. Moreover, after all zombies in the network are pinpointed and isolated, the whole network's recovery speed is increased.
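As an added example (not the paper's own code or algorithm), the following Python sketch shows how a controller could carry out the three phases over constructed switch flow statistics: detect amplified responses aimed at a victim, protect the victim without blocking replies to its genuine queries, then pinpoint the ports where spoofed queries enter and isolate them. The record format, the response-to-query ratio rule, the thresholds and all host and port names are assumptions.

```python
# Added illustration of the three phases the abstract describes: detect the
# attack, protect the victim, then pinpoint and isolate zombies. The flow
# record format, detection rule and thresholds are assumptions, not the
# paper's own method.
DNS_PORT = 53
RESP_TO_QUERY_RATIO = 10.0   # assumed: responses/queries byte ratio that raises an alarm
MIN_RESP_BYTES = 100_000     # assumed: minimum response volume before alarming

# Constructed flow records, as a controller might pull them from switch flow
# statistics: (in_port, src_ip, dst_ip, src_port, dst_port, bytes)
FLOWS = [
    ("s1-eth1", "10.0.0.5", "10.0.0.9", 40000, 53, 1_200),    # victim's own queries
    ("s1-eth2", "10.0.0.5", "8.8.8.8", 40000, 53, 4_000),     # zombie spoofing victim
    ("s1-eth3", "10.0.0.5", "8.8.4.4", 40000, 53, 4_000),     # zombie spoofing victim
    ("s1-eth4", "10.0.0.7", "8.8.8.8", 41000, 53, 900),       # benign host
    ("s1-eth9", "8.8.8.8", "10.0.0.5", 53, 40000, 150_000),   # amplified responses
    ("s1-eth9", "8.8.4.4", "10.0.0.5", 53, 40000, 140_000),   # amplified responses
    ("s1-eth9", "8.8.8.8", "10.0.0.7", 53, 41000, 1_500),     # normal responses
]

def detect(flows, victim, victim_port):
    """Phase 1: alarm when DNS response bytes to the victim dwarf the query
    bytes the victim itself sent from its own switch port."""
    legit_q = sum(b for p, s, d, sp, dp, b in flows
                  if p == victim_port and s == victim and dp == DNS_PORT)
    resp = sum(b for p, s, d, sp, dp, b in flows
               if d == victim and sp == DNS_PORT)
    return resp >= MIN_RESP_BYTES and resp > RESP_TO_QUERY_RATIO * max(legit_q, 1)

def protect(flows, victim, victim_port):
    """Phase 2: drop DNS responses from resolvers the victim never queried,
    so replies to its genuine queries keep flowing."""
    asked = {d for p, s, d, sp, dp, b in flows
             if p == victim_port and s == victim and dp == DNS_PORT}
    unsolicited = sorted({s for p, s, d, sp, dp, b in flows
                          if d == victim and sp == DNS_PORT and s not in asked})
    return [{"match": {"ip_src": s, "ip_dst": victim, "udp_src": DNS_PORT},
             "action": "drop"} for s in unsolicited]

def pinpoint_zombies(flows, victim, victim_port):
    """Phase 3a: a packet carrying the victim's source address that enters on
    any port other than the victim's own is spoofed; that port hosts a zombie."""
    return sorted({p for p, s, d, sp, dp, b in flows
                   if s == victim and p != victim_port})

def isolate(ports):
    """Phase 3b: block all traffic entering on the pinpointed ports."""
    return [{"match": {"in_port": p}, "action": "drop"} for p in ports]
```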
