A behavior-based method for detecting DNS amplification attacks

Longzhu Cai; Yaokai Feng; Junpei Kawamoto; Kouichi Sakurai

doi:10.1109/IMIS.2016.88

A behavior-based method for detecting DNS amplification attacks

Longzhu Cai, Yaokai Feng, Junpei Kawamoto, Kouichi Sakurai

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

8 Citations (Scopus)

Abstract

DNS (Domain Name System) amplification attack has become a popular form of the attacks of the Distributed Denial of Service (DDoS) in recent years. In DNS amplification attacks, the attackers utilize spoofed source IP addresses and open recursive DNS servers to perform the bandwidth consumption attacks. A lot of responses are generated and they are sent to the targets after the attackers send only a little of DNS requests. Various methods have been proposed for detecting the DNS amplification attacks. However, almost of them have to determine parameters in advance, which is not easy for many cases. In this study, we utilized the detection pattern and combination of three features to distinguish normal and attack. It can solve the problem that limitation of detection in the case of high-frequency and low-amplification attack.

Original language	English
Title of host publication	Proceedings - 2016 10th International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing, IMIS 2016
Editors	Fatos Xhafa, Leonard Barolli, Noriki Uchida
Publisher	Institute of Electrical and Electronics Engineers Inc.
Pages	608-613
Number of pages	6
ISBN (Electronic)	9781509009848
DOIs	https://doi.org/10.1109/IMIS.2016.88
Publication status	Published - Dec 21 2016
Event	10th International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing, IMIS 2016 - Fukuoka, Japan Duration: Jul 6 2016 → Jul 8 2016

Publication series

Name	Proceedings - 2016 10th International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing, IMIS 2016

Other

Other	10th International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing, IMIS 2016
Country/Territory	Japan
City	Fukuoka
Period	7/6/16 → 7/8/16

All Science Journal Classification (ASJC) codes

Computer Networks and Communications
Computer Science Applications

Access to Document

10.1109/IMIS.2016.88

Cite this

Cai, L., Feng, Y., Kawamoto, J., & Sakurai, K. (2016). A behavior-based method for detecting DNS amplification attacks. In F. Xhafa, L. Barolli, & N. Uchida (Eds.), Proceedings - 2016 10th International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing, IMIS 2016 (pp. 608-613). [7794541] (Proceedings - 2016 10th International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing, IMIS 2016). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/IMIS.2016.88

A behavior-based method for detecting DNS amplification attacks. / Cai, Longzhu; Feng, Yaokai; Kawamoto, Junpei et al.

Proceedings - 2016 10th International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing, IMIS 2016. ed. / Fatos Xhafa; Leonard Barolli; Noriki Uchida. Institute of Electrical and Electronics Engineers Inc., 2016. p. 608-613 7794541 (Proceedings - 2016 10th International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing, IMIS 2016).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Cai, L, Feng, Y, Kawamoto, J & Sakurai, K 2016, A behavior-based method for detecting DNS amplification attacks. in F Xhafa, L Barolli & N Uchida (eds), Proceedings - 2016 10th International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing, IMIS 2016., 7794541, Proceedings - 2016 10th International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing, IMIS 2016, Institute of Electrical and Electronics Engineers Inc., pp. 608-613, 10th International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing, IMIS 2016, Fukuoka, Japan, 7/6/16. https://doi.org/10.1109/IMIS.2016.88

Cai L, Feng Y, Kawamoto J, Sakurai K. A behavior-based method for detecting DNS amplification attacks. In Xhafa F, Barolli L, Uchida N, editors, Proceedings - 2016 10th International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing, IMIS 2016. Institute of Electrical and Electronics Engineers Inc. 2016. p. 608-613. 7794541. (Proceedings - 2016 10th International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing, IMIS 2016). doi: 10.1109/IMIS.2016.88

Cai, Longzhu ; Feng, Yaokai ; Kawamoto, Junpei et al. / A behavior-based method for detecting DNS amplification attacks. Proceedings - 2016 10th International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing, IMIS 2016. editor / Fatos Xhafa ; Leonard Barolli ; Noriki Uchida. Institute of Electrical and Electronics Engineers Inc., 2016. pp. 608-613 (Proceedings - 2016 10th International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing, IMIS 2016).

@inproceedings{03af9c171f8e46eaa71f47b669db7bb9,

title = "A behavior-based method for detecting DNS amplification attacks",

abstract = "DNS (Domain Name System) amplification attack has become a popular form of the attacks of the Distributed Denial of Service (DDoS) in recent years. In DNS amplification attacks, the attackers utilize spoofed source IP addresses and open recursive DNS servers to perform the bandwidth consumption attacks. A lot of responses are generated and they are sent to the targets after the attackers send only a little of DNS requests. Various methods have been proposed for detecting the DNS amplification attacks. However, almost of them have to determine parameters in advance, which is not easy for many cases. In this study, we utilized the detection pattern and combination of three features to distinguish normal and attack. It can solve the problem that limitation of detection in the case of high-frequency and low-amplification attack.",

author = "Longzhu Cai and Yaokai Feng and Junpei Kawamoto and Kouichi Sakurai",

year = "2016",

month = dec,

day = "21",

doi = "10.1109/IMIS.2016.88",

language = "English",

series = "Proceedings - 2016 10th International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing, IMIS 2016",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

pages = "608--613",

editor = "Fatos Xhafa and Leonard Barolli and Noriki Uchida",

booktitle = "Proceedings - 2016 10th International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing, IMIS 2016",

address = "United States",

note = "10th International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing, IMIS 2016 ; Conference date: 06-07-2016 Through 08-07-2016",

}

TY - GEN

T1 - A behavior-based method for detecting DNS amplification attacks

AU - Cai, Longzhu

AU - Feng, Yaokai

AU - Kawamoto, Junpei

AU - Sakurai, Kouichi

PY - 2016/12/21

Y1 - 2016/12/21

N2 - DNS (Domain Name System) amplification attack has become a popular form of the attacks of the Distributed Denial of Service (DDoS) in recent years. In DNS amplification attacks, the attackers utilize spoofed source IP addresses and open recursive DNS servers to perform the bandwidth consumption attacks. A lot of responses are generated and they are sent to the targets after the attackers send only a little of DNS requests. Various methods have been proposed for detecting the DNS amplification attacks. However, almost of them have to determine parameters in advance, which is not easy for many cases. In this study, we utilized the detection pattern and combination of three features to distinguish normal and attack. It can solve the problem that limitation of detection in the case of high-frequency and low-amplification attack.

AB - DNS (Domain Name System) amplification attack has become a popular form of the attacks of the Distributed Denial of Service (DDoS) in recent years. In DNS amplification attacks, the attackers utilize spoofed source IP addresses and open recursive DNS servers to perform the bandwidth consumption attacks. A lot of responses are generated and they are sent to the targets after the attackers send only a little of DNS requests. Various methods have been proposed for detecting the DNS amplification attacks. However, almost of them have to determine parameters in advance, which is not easy for many cases. In this study, we utilized the detection pattern and combination of three features to distinguish normal and attack. It can solve the problem that limitation of detection in the case of high-frequency and low-amplification attack.

UR - http://www.scopus.com/inward/record.url?scp=85011116088&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85011116088&partnerID=8YFLogxK

U2 - 10.1109/IMIS.2016.88

DO - 10.1109/IMIS.2016.88

M3 - Conference contribution

AN - SCOPUS:85011116088

T3 - Proceedings - 2016 10th International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing, IMIS 2016

SP - 608

EP - 613

BT - Proceedings - 2016 10th International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing, IMIS 2016

A2 - Xhafa, Fatos

A2 - Barolli, Leonard

A2 - Uchida, Noriki

PB - Institute of Electrical and Electronics Engineers Inc.

T2 - 10th International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing, IMIS 2016

Y2 - 6 July 2016 through 8 July 2016

ER -

A behavior-based method for detecting DNS amplification attacks

Abstract

Publication series

Other

All Science Journal Classification (ASJC) codes

Access to Document

Other files and links

Fingerprint

Cite this