Designing Lightweight Mitigation Processes for DNS Flooding Attacks

dc.contributor: Vrbsky, Susan
dc.contributor: Zhang, Jingyuan
dc.contributor: Tao, Dingwen
dc.contributor: Li, Shuhui
dc.contributor.advisor: Xiao, Yang
dc.contributor.author: Mahjabin, Tasnuva
dc.contributor.other: University of Alabama Tuscaloosa
dc.description: Electronic Thesis or Dissertation (en_US)
dc.description.abstract: Distributed Denial of Service (DDoS) attacks are everyday threats in the current cyber world. Massive DDoS flooding attacks on October 21, 2016, were launched to attack the Internet Domain Name System (DNS) -- the phone book of Internet domain addresses. These attacks consumed all resources of the DNS, leading to Denial of Service (DoS), and as a result, hundreds of domains under the DNS became unreachable. In this dissertation, we design robust and practical mitigation techniques for DNS flooding attacks. First, we analyze the current state of the art of DDoS attacks in a systematic review. We analyze different aspects of DDoS attacks, including types, motivation, and defense mechanisms. We propose a taxonomy of the attack types that includes DNS flooding attacks under the category of infrastructure attacks. Second, we propose a load-distributed mitigation technique. This process utilizes existing resources of different DNS service providers and successfully distributes all attack traffic in a load-balancing way. Consequently, the service remains available for legitimate traffic. Third, we propose a benign bot-based mitigation process. This benign bot works in the local DNS cache resolver and accumulates the latest information on important domain records. Therefore, during a DNS flooding attack, the system can continually reach these important domain names even if the authoritative server becomes unreachable. Fourth, we propose an enhanced DNS cache based on a hotlist and stale content updates. This cache maintains updated records of popular domain names of different upper-level servers. Eventually, these rich cache contents support the DNS address resolution process from the local cache, even though a flooding attack makes the authoritative servers unresponsive. Finally, to address the potential problems of our hotlist-based cache, we study cache replacement policies in the DNS cache. We propose two popularity-based cache replacement policies, LAFTR and LAFUR. These methods preserve only important items and effectively mitigate the consequences of a DNS flooding attack. We simulate our proposed mitigation techniques to evaluate their performance in DNS flooding scenarios. Our proposed techniques are lightweight, easy to deploy, and cost-effective solutions to the ongoing DNS flooding threats. (en_US)
dc.publisher: University of Alabama Libraries
dc.relation.hasversion: born digital
dc.relation.ispartof: The University of Alabama Electronic Theses and Dissertations
dc.relation.ispartof: The University of Alabama Libraries Digital Collections
dc.rights: All rights reserved by the author unless otherwise indicated. (en_US)
dc.subject: DDoS attacks
dc.subject: DNS Flooding Attacks
dc.subject: Mitigation Process
dc.title: Designing Lightweight Mitigation Processes for DNS Flooding Attacks (en_US)
dc.typetext of Alabama. Department of Computer Science Science University of Alabama