A Behavior-Based Method for Detecting DNS Amplification Attacks | IEEE Conference Publication | IEEE Xplore

A Behavior-Based Method for Detecting DNS Amplification Attacks


Abstract:

DNS (Domain Name System) amplification attack has become a popular form of the attacks of the Distributed Denial of Service (DDoS) in recent years. In DNS amplification a...Show More

Abstract:

DNS (Domain Name System) amplification attack has become a popular form of the attacks of the Distributed Denial of Service (DDoS) in recent years. In DNS amplification attacks, the attackers utilize spoofed source IP addresses and open recursive DNS servers to perform the bandwidth consumption attacks. A lot of responses are generated and they are sent to the targets after the attackers send only a little of DNS requests. Various methods have been proposed for detecting the DNS amplification attacks. However, almost of them have to determine parameters in advance, which is not easy for many cases. In this study, we utilized the detection pattern and combination of three features to distinguish normal and attack. It can solve the problem that limitation of detection in the case of high-frequency and low-amplification attack.
Date of Conference: 06-08 July 2016
Date Added to IEEE Xplore: 22 December 2016
ISBN Information:
Conference Location: Fukuoka, Japan

Contact IEEE to Subscribe

References

References is not available for this document.