Abstract
Domain Name System (DNS) is considered a vital service for the internet and networks operations, and practically this service is configured and accessible across networks’ firewall. Therefore, attackers take advantage of this open configuration to attack a network’s DNS server in order to use it as a reflector to achieve Denial of Service (DoS) attacks. Most of protection methods such as intrusion prevention and detection systems use blended tactics such as blocked-lists for suspicious sources, and thresholds for traffic volumes to detect and defend against DoS flooding attacks. However, these protection methods are not often successful. In this paper, we propose a new method to sense and protect DNS systems from DoS and Distributed DoS (DDoS) attacks. The main idea in our approach is to distribute the DNS request mapping into more than one DNS resolver such that an attack on one server should not affect the entire DNS services. Our approach uses the Multi-Protocol Label Switching (MPLS) along with multi-path routing to achieve this goal. Also, we use threshold secret sharing to code the distributed DNS requests. Our findings and results show that this approach performs better when compared with the traditional DNS structure.
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.