http://dx.doi.org/10.13089/JKIISC.2015.25.2.303

Study on the near-real time DNS query analyzing system for DNS amplification attacks  

Lee, Ki-Taek (Center for Information Security Technologies (CIST), Korea University)
Baek, Seung-Soo (Center for Information Security Technologies (CIST), Korea University)
Kim, Seung-Joo (Center for Information Security Technologies (CIST), Korea University)
Abstract
DNS amplification is a new type of DDoS attack that now occurs frequently. Previous studies presented several detection methods, such as traffic analysis based on DNS queries and packet size. However, those methods have limitations, such as the uncertainty of packet size, which depends on the IP address type, and vulnerability to distributed amplification attacks. Therefore, we proposed a novel traffic analysis algorithm using Success Rate and implemented the query analyzing system.
Keywords
DNS; amplification attack; Network; UDP; DNS query