TY  - JOUR
T1  - Effective Amplification Mitigation and Spoofing Detection
During DNS Flooding Attacks on Internet
AU - Hasan, Dana AU - Hussin, Masnida AU - Abdullah, Azizol 
JO  - Journal of Engineering and Applied Sciences
VL  - 12
IS  - 3
SP  - 475
EP  - 480
PY  - 2017
DA  - 2001/08/19
SN  - 1816-949x
DO  - jeasci.2017.475.480
UR  - https://makhillpublications.co/view-article.php?doi=jeasci.2017.475.480
KW  - DNS security
KW  -DNS reflection/amplification attacks
KW  -DNS authentication
KW  -authentication message
KW  -classification filtering
AB  - Recent flooding attacks using Domain Name System (DNS) is used by cybercriminals to launch
hundreds of gigabytes of attack traffic to paralyze their victims. The lack of security features in DNS protocol
and adding security layers to this protocol is subject of further studying. In this reserach, we proposed a
distributed mechanism to counter DNS reflection based attacks with high detection accuracy and little overhead
on network channels. We suggested Distributed Defense Scheme (DDS) to provide authenticity to DNS
transactions (i.e. request and response) through authentication message exchange. Then our classification
filtering plays an important role in distinguishing between real bogus DNS requests and discarding the fake
requests. Our analysis shows how DDS can remarkably reduce amplification factor for attack traffic without
affecting normal traffic flow.
ER  - 