Designing Lightweight Mitigation Processes for DNS Flooding Attacks
Distributed Denial of Service (DDoS) attacks are everyday threats in the current cyber world. Massive DDoS flooding attacks on October 21, 2016, were launched against the Internet Domain Name System (DNS), the phone book of Internet domain addresses. These attacks consumed all resources of the DNS, leading to Denial of Service (DoS), and as a result hundreds of domains under the DNS became unreachable. In this dissertation, we design robust and practical mitigation techniques for DNS flooding attacks. First, we analyze the current state of the art of DDoS attacks in a systematic review. We analyze different aspects of DDoS attacks, including types, motivation, and defense mechanisms. We propose a taxonomy of attack types that places DNS flooding attacks under the category of infrastructure attacks. Second, we propose a load-distributed mitigation technique. This process utilizes the existing resources of different DNS service providers and distributes all attack traffic among them in a load-balancing way. Consequently, the service remains available for legitimate traffic. Third, we propose a benign bot-based mitigation process. This benign bot works in the local DNS cache resolver and accumulates the latest information on important domain records. Therefore, during a DNS flooding attack, the system can continue to reach these important domain names even if the authoritative server becomes unreachable. Fourth, we propose an enhanced DNS cache based on a hotlist and stale content updates. This cache maintains updated records of popular domain names from different upper-level servers. Eventually, these rich cache contents support the DNS address resolution process from the local cache, even when a flooding attack makes the authoritative servers unresponsive. Finally, to address the potential problems of our hotlist-based cache, we study cache replacement policies in the DNS cache. We propose two popularity-based cache replacement policies, LAFTR and LAFUR. These policies preserve only important items and effectively mitigate the consequences of a DNS flooding attack. We simulate our proposed mitigation techniques to evaluate their performance in DNS flooding scenarios. Our proposed techniques are lightweight, easy to deploy, and cost-effective solutions to the ongoing DNS flooding threats.
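The following is an added illustration, not code from the dissertation, of how the third, fourth and fifth ideas above fit together in a local resolver cache: a query-count hotlist, a benign-bot style refresh of hotlisted names while the upstream is healthy, stale answers for hotlisted names only when the upstream stops responding, and popularity-based eviction. The class name, the query-count popularity signal, the `hot_threshold` value and the use of `ConnectionError` to signal an unresponsive upstream are all assumptions of this example; LAFTR and LAFUR are not reproduced here.

```python
import time


class ResilientDnsCache:
    """Local resolver cache with a popularity hotlist: hotlisted names are
    served stale when the authoritative/upstream side stops answering."""

    def __init__(self, upstream, capacity=64, hot_threshold=3, clock=time.time):
        self.upstream = upstream          # callable: name -> (rdata, ttl); raises ConnectionError if down (assumed)
        self.capacity, self.hot_threshold, self.clock = capacity, hot_threshold, clock
        self.records = {}                 # name -> (rdata, expires_at)
        self.hits = {}                    # name -> query count (assumed popularity signal)

    def resolve(self, name):
        now = self.clock()
        self.hits[name] = self.hits.get(name, 0) + 1
        rec = self.records.get(name)
        if rec and rec[1] > now:          # fresh record: normal cache hit
            return rec[0], "cache"
        try:
            rdata, ttl = self.upstream(name)
        except ConnectionError:           # upstream flooded / unreachable
            if rec and self.hits[name] >= self.hot_threshold:
                return rec[0], "stale"    # hotlisted name: keep answering from stale data
            raise                         # unpopular name: fail as a normal resolver would
        self._store(name, rdata, now + ttl)
        return rdata, "upstream"

    def _store(self, name, rdata, expires_at):
        self.records[name] = (rdata, expires_at)
        while len(self.records) > self.capacity:
            # popularity-based replacement: evict the least-queried name first
            victim = min(self.records, key=lambda n: (self.hits.get(n, 0), n))
            del self.records[victim]

    def refresh_hotlist(self):
        """Benign-bot pass: re-fetch every hotlisted name while the upstream is healthy."""
        refreshed = []
        for name, count in list(self.hits.items()):
            if count >= self.hot_threshold:
                try:
                    rdata, ttl = self.upstream(name)
                except ConnectionError:
                    continue              # still flooded: keep the existing (possibly stale) record
                self._store(name, rdata, self.clock() + ttl)
                refreshed.append(name)
        return refreshed
```

Run `refresh_hotlist()` periodically from the resolver; `resolve()` then keeps answering for hotlisted names from stale data during an upstream outage while rare names fail as usual.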