Countering DNS Amplification Attacks Based on Analysis of Outgoing Traffic  


Authors: Evgeny Sagatov, Samara Mayhoub, Andrei Sukhov, Prasad Calyam

Affiliations: [1] Sevastopol State University (SevSU), Universitetskaya ul., 33, Sevastopol 99026, Russia; [2] Samara National Research University, Moskovskoe sh. 34, Samara 443086, Russia; [3] University of Missouri-Columbia, 221 Naka Hall, Columbia MO 65211, USA

Source: Journal of Communications and Information Networks (通信与信息网络学报, English edition), 2023, Issue 2, pp. 111-121 (11 pages)

Funding: Russian Foundation for Basic Research (RFBR) (20-37-90002); Andrei Sukhov acknowledges SevSU for a Research (42-01-09/253/2022-1).

Abstract: Domain name system (DNS) amplification distributed denial of service (DDoS) attacks are one of the popular types of intrusions that involve accessing DNS servers on behalf of the victim. In this case, the size of the response is many times greater than the size of the request, in which the source of the request is substituted for the address of the victim. This paper presents an original method for countering DNS amplification DDoS attacks. The novelty of our approach lies in the analysis of outgoing traffic from the victim's server. DNS servers used for amplification attacks are easily detected in Internet control message protocol (ICMP) packet headers (type 3, code 3) in outgoing traffic. ICMP packets of this type are generated when accessing closed user datagram protocol (UDP) ports of the victim, which are randomly assigned by the Saddam attack tool. To prevent such attacks, we used a Linux utility and a software-defined network (SDN) module that we previously developed to protect against port scanning. The Linux utility showed the highest efficiency of 99.8%, i.e., only two attack packets out of a thousand reached the victim server.

Keywords: DNS amplification attacks outgoing traffic analysis port scanning attack network intrusion qualification attributes

Classification: TP393 [Automation and Computer Technology: Computer Application Technology]

 
