Detecting DDoS Attacks Against DNS Servers Using Time Series Analysis
نویسندگان
چکیده
Domain Name System (DNS) Service is the basic support of Internet, which security plays a vital role in the entire Internet. Because DNS requests and responses are mostly UDP-based, and the existing large numbers of open recursive DNS servers, it is vulnerable to distributed denial of services (DDoS) attacks. Through the analysis of several aspects of these attacks, a novel approach to detect DDoS attacks is proposed based on characteristics of attack traffics (CAT) time series. Then CAT time series are transformed into a multidimensional vector series and a support vector machine (SVM) classifier is applied to identity the attacks. The experiment results show that our approach can identify the state features of the abnormal flow due to the DDoS attacking flows, and detect DDoS attacks accurately.
منابع مشابه
Detecting DNS Amplification Attacks
DNS amplification attacks massively exploit open recursive DNS servers mainly for performing bandwidth consumption DDoS attacks. The amplification effect lies in the fact that DNS response messages may be substantially larger than DNS query messages. In this paper, we present and evaluate a novel and practical method that is able to distinguish between authentic and bogus DNS replies. The propo...
متن کاملInferring distributed reflection denial of service attacks from darknet
This work proposes a novel approach to infer and characterize Internet-scale DNS Distributed Reflection Denial of Service (DRDoS) attacks by leveraging the darknet space. Complementary to the pioneer work on inferring Distributed Denial of Service (DDoS) activities using darknet, this work shows that we can extract DDoS activities without relying on backscattered analysis. The aim of this work ...
متن کاملDDoS 3.0 - How Terrorists Bring Down the Internet
Dependable operation of the Internet is of crucial importance for our society. In recent years Distributed Denial of Service (DDoS) attacks have quickly become a major problem for the Internet. Most of these attacks are initiated by kids that target schools, ISPs, banks and web-shops; the Dutch NREN (SURFNet), for example, sees around 10 of such attacks per day. Performing attacks is extremely ...
متن کاملMining IP to Domain Name Interactions to Detect DNS Flood Attacks on Recursive DNS Servers
The Domain Name System (DNS) is a critical infrastructure of any network, and, not surprisingly a common target of cybercrime. There are numerous works that analyse higher level DNS traffic to detect anomalies in the DNS or any other network service. By contrast, few efforts have been made to study and protect the recursive DNS level. In this paper, we introduce a novel abstraction of the recur...
متن کاملF-STONE: A Fast Real-Time DDOS Attack Detection Method Using an Improved Historical Memory Management
Distributed Denial of Service (DDoS) is a common attack in recent years that can deplete the bandwidth of victim nodes by flooding packets. Based on the type and quantity of traffic used for the attack and the exploited vulnerability of the target, DDoS attacks are grouped into three categories as Volumetric attacks, Protocol attacks and Application attacks. The volumetric attack, which the pro...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2013