A DEFENSE OF DNS AMPLIFICATION ATTACK VIA FLOW-BASED ANALYSIS WITH SDN

Abstract

The purpose of this research is to seek and propose alternative detection and mitigatin methods which can be used to create a defense of DNS amplification attack. Network traces obtained from University of Twente, Netherlands [2] have been used in this research. The existing methodology for DDoS attack detection and traffic mitigation using flow statistics has been adopted in this research. Properties of the proposed framework include; exporting flow information from an exporter to a collector; importing flow statistics of normal and abnormal DNS traffic; processing collected flow statistics by filtering both benign and malicious traffic according to DNS application data; check change of statistics by comparing both filtered traffic via an analyzer. Experimental results suggested that the proposed method manages to detect suspicious traffic without entailing huge DNS response by using flexible flow, and decelerate amplified traffic without intruding normal DNS operation by using security-centric SDN. A comparative study was also carried out and it showed that the proposed approach has performed better in terms of the detection time and accuracy. This research was conducted based on limited resources and variables due to hardware constraints and the lack of publicly available dataset, apart from the ones that are mentioned above [2]. Thus, the obtained results are applicable only to the study domain with selected network traces. This research has introduced the application of flow-based monitoring with flow-based configuration technologies in providing substitute solution to timely detect and reasonably mitigate DNS amplification attack.