A behavior-based method for detecting DNS amplification attacks

Longzhu Cai, Yaokai Feng, Junpei Kawamoto, Kouichi Sakurai

Research output: Chapter in Book/Report/Conference proceedingConference contribution

3 Citations (Scopus)

Abstract

DNS (Domain Name System) amplification attack has become a popular form of the attacks of the Distributed Denial of Service (DDoS) in recent years. In DNS amplification attacks, the attackers utilize spoofed source IP addresses and open recursive DNS servers to perform the bandwidth consumption attacks. A lot of responses are generated and they are sent to the targets after the attackers send only a little of DNS requests. Various methods have been proposed for detecting the DNS amplification attacks. However, almost of them have to determine parameters in advance, which is not easy for many cases. In this study, we utilized the detection pattern and combination of three features to distinguish normal and attack. It can solve the problem that limitation of detection in the case of high-frequency and low-amplification attack.

Original languageEnglish
Title of host publicationProceedings - 2016 10th International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing, IMIS 2016
EditorsFatos Xhafa, Leonard Barolli, Noriki Uchida
PublisherInstitute of Electrical and Electronics Engineers Inc.
Pages608-613
Number of pages6
ISBN (Electronic)9781509009848
DOIs
Publication statusPublished - Dec 21 2016
Event10th International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing, IMIS 2016 - Fukuoka, Japan
Duration: Jul 6 2016Jul 8 2016

Publication series

NameProceedings - 2016 10th International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing, IMIS 2016

Other

Other10th International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing, IMIS 2016
CountryJapan
CityFukuoka
Period7/6/167/8/16

Fingerprint

Amplification
Servers
Bandwidth

All Science Journal Classification (ASJC) codes

  • Computer Networks and Communications
  • Computer Science Applications

Cite this

Cai, L., Feng, Y., Kawamoto, J., & Sakurai, K. (2016). A behavior-based method for detecting DNS amplification attacks. In F. Xhafa, L. Barolli, & N. Uchida (Eds.), Proceedings - 2016 10th International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing, IMIS 2016 (pp. 608-613). [7794541] (Proceedings - 2016 10th International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing, IMIS 2016). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/IMIS.2016.88

A behavior-based method for detecting DNS amplification attacks. / Cai, Longzhu; Feng, Yaokai; Kawamoto, Junpei; Sakurai, Kouichi.

Proceedings - 2016 10th International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing, IMIS 2016. ed. / Fatos Xhafa; Leonard Barolli; Noriki Uchida. Institute of Electrical and Electronics Engineers Inc., 2016. p. 608-613 7794541 (Proceedings - 2016 10th International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing, IMIS 2016).

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Cai, L, Feng, Y, Kawamoto, J & Sakurai, K 2016, A behavior-based method for detecting DNS amplification attacks. in F Xhafa, L Barolli & N Uchida (eds), Proceedings - 2016 10th International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing, IMIS 2016., 7794541, Proceedings - 2016 10th International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing, IMIS 2016, Institute of Electrical and Electronics Engineers Inc., pp. 608-613, 10th International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing, IMIS 2016, Fukuoka, Japan, 7/6/16. https://doi.org/10.1109/IMIS.2016.88
Cai L, Feng Y, Kawamoto J, Sakurai K. A behavior-based method for detecting DNS amplification attacks. In Xhafa F, Barolli L, Uchida N, editors, Proceedings - 2016 10th International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing, IMIS 2016. Institute of Electrical and Electronics Engineers Inc. 2016. p. 608-613. 7794541. (Proceedings - 2016 10th International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing, IMIS 2016). https://doi.org/10.1109/IMIS.2016.88
Cai, Longzhu ; Feng, Yaokai ; Kawamoto, Junpei ; Sakurai, Kouichi. / A behavior-based method for detecting DNS amplification attacks. Proceedings - 2016 10th International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing, IMIS 2016. editor / Fatos Xhafa ; Leonard Barolli ; Noriki Uchida. Institute of Electrical and Electronics Engineers Inc., 2016. pp. 608-613 (Proceedings - 2016 10th International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing, IMIS 2016).
@inproceedings{03af9c171f8e46eaa71f47b669db7bb9,
title = "A behavior-based method for detecting DNS amplification attacks",
abstract = "DNS (Domain Name System) amplification attack has become a popular form of the attacks of the Distributed Denial of Service (DDoS) in recent years. In DNS amplification attacks, the attackers utilize spoofed source IP addresses and open recursive DNS servers to perform the bandwidth consumption attacks. A lot of responses are generated and they are sent to the targets after the attackers send only a little of DNS requests. Various methods have been proposed for detecting the DNS amplification attacks. However, almost of them have to determine parameters in advance, which is not easy for many cases. In this study, we utilized the detection pattern and combination of three features to distinguish normal and attack. It can solve the problem that limitation of detection in the case of high-frequency and low-amplification attack.",
author = "Longzhu Cai and Yaokai Feng and Junpei Kawamoto and Kouichi Sakurai",
year = "2016",
month = "12",
day = "21",
doi = "10.1109/IMIS.2016.88",
language = "English",
series = "Proceedings - 2016 10th International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing, IMIS 2016",
publisher = "Institute of Electrical and Electronics Engineers Inc.",
pages = "608--613",
editor = "Fatos Xhafa and Leonard Barolli and Noriki Uchida",
booktitle = "Proceedings - 2016 10th International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing, IMIS 2016",
address = "United States",

}

TY - GEN

T1 - A behavior-based method for detecting DNS amplification attacks

AU - Cai, Longzhu

AU - Feng, Yaokai

AU - Kawamoto, Junpei

AU - Sakurai, Kouichi

PY - 2016/12/21

Y1 - 2016/12/21

N2 - DNS (Domain Name System) amplification attack has become a popular form of the attacks of the Distributed Denial of Service (DDoS) in recent years. In DNS amplification attacks, the attackers utilize spoofed source IP addresses and open recursive DNS servers to perform the bandwidth consumption attacks. A lot of responses are generated and they are sent to the targets after the attackers send only a little of DNS requests. Various methods have been proposed for detecting the DNS amplification attacks. However, almost of them have to determine parameters in advance, which is not easy for many cases. In this study, we utilized the detection pattern and combination of three features to distinguish normal and attack. It can solve the problem that limitation of detection in the case of high-frequency and low-amplification attack.

AB - DNS (Domain Name System) amplification attack has become a popular form of the attacks of the Distributed Denial of Service (DDoS) in recent years. In DNS amplification attacks, the attackers utilize spoofed source IP addresses and open recursive DNS servers to perform the bandwidth consumption attacks. A lot of responses are generated and they are sent to the targets after the attackers send only a little of DNS requests. Various methods have been proposed for detecting the DNS amplification attacks. However, almost of them have to determine parameters in advance, which is not easy for many cases. In this study, we utilized the detection pattern and combination of three features to distinguish normal and attack. It can solve the problem that limitation of detection in the case of high-frequency and low-amplification attack.

UR - http://www.scopus.com/inward/record.url?scp=85011116088&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85011116088&partnerID=8YFLogxK

U2 - 10.1109/IMIS.2016.88

DO - 10.1109/IMIS.2016.88

M3 - Conference contribution

AN - SCOPUS:85011116088

T3 - Proceedings - 2016 10th International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing, IMIS 2016

SP - 608

EP - 613

BT - Proceedings - 2016 10th International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing, IMIS 2016

A2 - Xhafa, Fatos

A2 - Barolli, Leonard

A2 - Uchida, Noriki

PB - Institute of Electrical and Electronics Engineers Inc.

ER -