Distributed defense scheme for managing DNS reflection attack in network communication systems

Domain Name System (DNS) is based on a client-server architecture and employs the User Datagram Protocol (UDP) to transport requests and responses. Because UDP provides only an unreliable connection, malicious users can fabricate spoofed DNS requests very easily. Such DNS problems in turn affect num...

Bibliographic Details
Main Authors: Ahmed, Dana Hasan, Hussin, Masnida, Abdullah, Azizol, Raja Mahmood, Raja Azlina
Format: Article
Language: English
Published: Faculty of Electronic and Computer Engineering, Universiti Teknikal Malaysia Melaka 2016
Online Access: http://psasir.upm.edu.my/id/eprint/53957/1/Distributed%20defense%20scheme%20for%20managing%20DNS%20reflection%20attack%20in%20network%20communication%20systems.pdf
http://psasir.upm.edu.my/id/eprint/53957/
http://journal.utem.edu.my/index.php/jtec/article/view/1250
id my.upm.eprints.53957
Citation: Ahmed, Dana Hasan and Hussin, Masnida and Abdullah, Azizol and Raja Mahmood, Raja Azlina (2016) Distributed defense scheme for managing DNS reflection attack in network communication systems. Journal of Telecommunication, Electronic and Computer Engineering, 8 (6). pp. 71-75. ISSN 2180-1843; ESSN: 2289-8131
institution Universiti Putra Malaysia
building UPM Library
collection Institutional Repository
continent Asia
country Malaysia
content_provider Universiti Putra Malaysia
content_source UPM Institutional Repository
url_provider http://psasir.upm.edu.my/
language English
description Domain Name System (DNS) is based on a client-server architecture and employs the User Datagram Protocol (UDP) to transport requests and responses. Because UDP provides only an unreliable connection, malicious users can fabricate spoofed DNS requests very easily. Such DNS problems in turn affect numerous other network services and are critical to resource utilization. The delay in deploying secure DNS motivates the need for local networks to protect their DNS infrastructure. A DNS reflection attack, for example, takes advantage of DNS response messages being substantially larger than DNS query messages. In this work, we propose a distributed defense scheme in the DNS infrastructure to prevent reflection attacks. Our defense scheme aims to prevent spoofed addresses from getting any responses by applying a classification-based packet filtering strategy. Specifically, our local DNS server regularly checks the DNS requests in its database in order to differentiate between legitimate and illegitimate requests. We introduce a validation phase in our filtering strategy that obtains confirmation before a request is stored in the local-side server. The key idea is to ensure that the local DNS database stores only legitimate requests and to prevent fake DNS requests from being transferred to users. Our analysis and the corresponding experimental results show that the proposed scheme offers an effective defense solution while implicitly improving network communication traffic.