Abstract

Distributed Denial-of-Service (DDoS) attacks exhaust resources, leaving a server unavailable to legitimate clients. The Domain Name System (DNS) is a frequent target of DDoS attacks. Since DNS is a critical infrastructure service, protecting it from DoS is imperative. Many prior approaches have focused on specific filters or anti-spoofing techniques to protect generic services. DNS root nameservers are more challenging to protect, since they use fixed IP addresses, serve very diverse clients and requests, receive predominantly UDP traffic that can be spoofed, and must guarantee high quality of service. In this paper we propose a layered DDoS defense for DNS root nameservers. Our defense uses a library of defensive filters, which can be optimized for different attack types, with different levels of selectivity. We further propose a method that automatically and continuously evaluates and selects the best combination …

Metadata

publication

2023 15th International Conference on COMmunication Systems & NETworkS …, 2023

year

2023

publication date

2023/1/3

authors

ASM Rizvi, Jelena Mirkovic, John Heidemann, Wesley Hardaker, Robert Story

link

https://ieeexplore.ieee.org/abstract/document/10041415/

resource_link

https://arxiv.org/pdf/2209.07491

conference

2023 15th International Conference on COMmunication Systems & NETworkS (COMSNETS)

pages

513-521

publisher

IEEE