Distributed Defense Scheme for Managing DNS Reflection Attack in Network Communication Systems

Authors

  • Dana Hasan Ahmed Department of Communication Technology & Networks, Faculty of Computer Science & IT, University Putra Malaysia (UPM), Selangor, Malaysia.
  • Masnida Hussin Department of Communication Technology & Networks, Faculty of Computer Science & IT, University Putra Malaysia (UPM), Selangor, Malaysia.
  • Azizol Abdullah Department of Communication Technology & Networks, Faculty of Computer Science & IT, University Putra Malaysia (UPM), Selangor, Malaysia.
  • Raja Azlina Raja Mahmood Department of Communication Technology & Networks, Faculty of Computer Science & IT, University Putra Malaysia (UPM), Selangor, Malaysia.

Keywords:

DNS Reflection Attack, Defense Scheme, Communication Traffic

Abstract

The Domain Name System (DNS) is based on a client-server architecture and uses the User Datagram Protocol (UDP) to transport requests and responses. Because UDP is connectionless and unreliable, malicious users can fabricate spoofed DNS requests very easily. Such DNS problems in turn affect numerous other network services and are critical for resource utilization. Delays in deploying secure DNS motivate the need for local networks to protect their own DNS infrastructure. A DNS reflection attack, for example, takes advantage of the fact that DNS response messages are substantially larger than DNS query messages. In this work, we propose a distributed defense scheme for DNS infrastructure to prevent reflection attacks. Our defense scheme aims to prevent spoofed addresses from receiving any responses by applying a classification-based packet-filtering strategy. Specifically, our local DNS server regularly checks the DNS requests in its database in order to differentiate between legitimate and illegitimate requests. We introduce a validation phase into our filtering strategy that obtains confirmation before a request is stored on the local-side server. The key idea is to ensure that the local DNS database stores only legitimate requests and that fake DNS requests are not passed on to users. Our analysis and the corresponding experimental results show that the proposed scheme offers an effective defense while implicitly improving network communication traffic.
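The abstract describes a validation phase in which the local DNS server obtains confirmation before storing a request, so that a spoofed source address never receives the large response. The following simulation is an added example, not code from the paper; the confirmation mechanism it uses (the resolver sends a short token to the claimed source and only answers once that token is echoed back) is an assumption chosen to illustrate the principle, and the client names, addresses and packet sizes are constructed sample values. It contrasts the bytes a spoofed victim address receives under this filter with what a naive reflecting resolver would have sent.

```python
"""Simulated local DNS resolver with a validate-before-store filter.

Added example (not the paper's code). Hypothetical design assumed here:
the resolver answers a query only after the claimed source echoes a
confirmation token; a spoofed source never sees the token, so the query
is neither stored nor answered and nothing large is reflected.
"""
import secrets
from dataclasses import dataclass, field

QUERY_SIZE = 60        # constructed: bytes of a typical query
RESPONSE_SIZE = 3000   # constructed: bytes of a large (e.g. ANY) response


@dataclass
class Query:
    src: str    # claimed source address, may be spoofed
    name: str
    size: int


@dataclass
class Client:
    ip: str
    inbox: list = field(default_factory=list)


class Network:
    """Delivers payloads to whichever host owns the destination address."""
    def __init__(self):
        self.hosts = {}

    def register(self, client):
        self.hosts[client.ip] = client

    def deliver(self, dst, payload):
        if dst in self.hosts:
            self.hosts[dst].inbox.append(payload)


class LocalResolver:
    def __init__(self, net):
        self.net = net
        self.pending = {}         # token -> unvalidated Query
        self.database = []        # only validated queries are stored
        self.bytes_sent = {}      # destination -> bytes actually emitted

    def _count(self, dst, n):
        self.bytes_sent[dst] = self.bytes_sent.get(dst, 0) + n

    def receive_query(self, q):
        # Validation phase: a small, unpredictable token goes to the claimed
        # source; the request is NOT stored yet and no answer is sent.
        token = secrets.token_hex(8)
        self.pending[token] = q
        self.net.deliver(q.src, ("confirm", token))
        self._count(q.src, len(token))
        return token

    def receive_confirmation(self, src, token):
        q = self.pending.pop(token, None)
        if q is None or q.src != src:
            return False
        self.database.append(q)               # stored only after confirmation
        self.net.deliver(q.src, ("answer", q.name, RESPONSE_SIZE))
        self._count(q.src, RESPONSE_SIZE)
        return True

    def expire_pending(self):
        """Drop requests whose claimed source never confirmed."""
        dropped = len(self.pending)
        self.pending.clear()
        return dropped


def honest_client_step(client, resolver):
    """A real client echoes every token it actually received."""
    for msg in list(client.inbox):
        if msg[0] == "confirm":
            resolver.receive_confirmation(client.ip, msg[1])
    return sum(1 for m in client.inbox if m[0] == "answer")


def amplification_factor(bytes_in, bytes_out):
    return bytes_out / bytes_in


def run_simulation(spoofed_queries=100):
    net = Network()
    alice = Client("10.0.0.5")          # constructed: legitimate client
    victim = Client("203.0.113.9")      # constructed: spoofed victim address
    net.register(alice)
    net.register(victim)
    resolver = LocalResolver(net)

    resolver.receive_query(Query(alice.ip, "example.com", QUERY_SIZE))
    for _ in range(spoofed_queries):
        resolver.receive_query(Query(victim.ip, "example.com", QUERY_SIZE))

    answers = honest_client_step(alice, resolver)
    # The victim never asked, so it echoes nothing; pending entries expire.
    dropped = resolver.expire_pending()

    victim_bytes = resolver.bytes_sent.get(victim.ip, 0)
    naive_bytes = spoofed_queries * RESPONSE_SIZE
    return {
        "validated": len(resolver.database),
        "dropped": dropped,
        "alice_answers": answers,
        "victim_bytes": victim_bytes,
        "naive_victim_bytes": naive_bytes,
        "filtered_amplification": amplification_factor(
            spoofed_queries * QUERY_SIZE, victim_bytes),
        "naive_amplification": amplification_factor(
            spoofed_queries * QUERY_SIZE, naive_bytes),
    }
```

With the constructed sizes, a naive resolver would reflect 50 bytes to the victim for every spoofed byte sent, whereas the validate-before-store resolver emits only the 16-byte tokens, an amplification below 1, and stores only the one confirmed request in its database.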

Published

2016-09-01

How to Cite

Hasan Ahmed, D., Hussin, M., Abdullah, A., & Raja Mahmood, R. A. (2016). Distributed Defense Scheme for Managing DNS Reflection Attack in Network Communication Systems. Journal of Telecommunication, Electronic and Computer Engineering (JTEC), 8(6), 71–75. Retrieved from https://jtec.utem.edu.my/jtec/article/view/1250