Collaborative Spoofing Detection and Mitigation - SDN Based Looping Authentication for DNS Services

N. M. Sahri, Koji Okamura

Research output: Chapter in Book/Report/Conference proceedingConference contribution

2 Citations (Scopus)

Abstract

As DNS packet are mostly UDP-based, make it as a perfect platform for hackers to launch a well-known type of distributed denial of service (DDoS). The purpose of this attack is to saturate the DNS server availability and resources with unwanted DNS query traffic. This type of attack utilizes a large number of botnet and usually perform spoofing on the IP address of the targeted victim. While it is difficult to identify which one is legitimate or attack traffic, we take a different approach for spoofing detection strategies to protect the DNS server by utilizing Software Defined Networking (SDN). In this paper, we present CAuth, a novel mechanism that autonomously block the spoofing packet while authenticate the legitimate query. By manipulating Openflow control message, we design a collaborative approach between client and server network. Whenever a server controller receives query packet, it will send an authentication packet back to the client network and later the client controller also reply via authentication packet back to the server controller. The server controller will only forward the query to the respective server if it receives the replied authentication packet from the client. From the evaluation, CAuth instantly manage to block spoofing query packet while authenticate the legitimate query as soon as the mechanism started.

Original languageEnglish
Title of host publicationProceedings - 2016 IEEE 40th Annual Computer Software and Applications Conference Workshops, COMPSAC 2016
PublisherIEEE Computer Society
Pages565-570
Number of pages6
Volume2
ISBN (Electronic)9781467388450
DOIs
Publication statusPublished - Aug 24 2016
Event2016 IEEE 40th Annual Computer Software and Applications Conference, COMPSAC 2016 - Atlanta, United States
Duration: Jun 10 2016Jun 14 2016

Other

Other2016 IEEE 40th Annual Computer Software and Applications Conference, COMPSAC 2016
CountryUnited States
CityAtlanta
Period6/10/166/14/16

Fingerprint

Authentication
Servers
Controllers
Software defined networking
Availability

All Science Journal Classification (ASJC) codes

  • Software
  • Computer Science Applications

Cite this

Sahri, N. M., & Okamura, K. (2016). Collaborative Spoofing Detection and Mitigation - SDN Based Looping Authentication for DNS Services. In Proceedings - 2016 IEEE 40th Annual Computer Software and Applications Conference Workshops, COMPSAC 2016 (Vol. 2, pp. 565-570). [7552274] IEEE Computer Society. https://doi.org/10.1109/COMPSAC.2016.6

Collaborative Spoofing Detection and Mitigation - SDN Based Looping Authentication for DNS Services. / Sahri, N. M.; Okamura, Koji.

Proceedings - 2016 IEEE 40th Annual Computer Software and Applications Conference Workshops, COMPSAC 2016. Vol. 2 IEEE Computer Society, 2016. p. 565-570 7552274.

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Sahri, NM & Okamura, K 2016, Collaborative Spoofing Detection and Mitigation - SDN Based Looping Authentication for DNS Services. in Proceedings - 2016 IEEE 40th Annual Computer Software and Applications Conference Workshops, COMPSAC 2016. vol. 2, 7552274, IEEE Computer Society, pp. 565-570, 2016 IEEE 40th Annual Computer Software and Applications Conference, COMPSAC 2016, Atlanta, United States, 6/10/16. https://doi.org/10.1109/COMPSAC.2016.6
Sahri NM, Okamura K. Collaborative Spoofing Detection and Mitigation - SDN Based Looping Authentication for DNS Services. In Proceedings - 2016 IEEE 40th Annual Computer Software and Applications Conference Workshops, COMPSAC 2016. Vol. 2. IEEE Computer Society. 2016. p. 565-570. 7552274 https://doi.org/10.1109/COMPSAC.2016.6
Sahri, N. M. ; Okamura, Koji. / Collaborative Spoofing Detection and Mitigation - SDN Based Looping Authentication for DNS Services. Proceedings - 2016 IEEE 40th Annual Computer Software and Applications Conference Workshops, COMPSAC 2016. Vol. 2 IEEE Computer Society, 2016. pp. 565-570
@inproceedings{f68a45d8e89c4ba191824899259b4a1f,
title = "Collaborative Spoofing Detection and Mitigation - SDN Based Looping Authentication for DNS Services",
abstract = "As DNS packet are mostly UDP-based, make it as a perfect platform for hackers to launch a well-known type of distributed denial of service (DDoS). The purpose of this attack is to saturate the DNS server availability and resources with unwanted DNS query traffic. This type of attack utilizes a large number of botnet and usually perform spoofing on the IP address of the targeted victim. While it is difficult to identify which one is legitimate or attack traffic, we take a different approach for spoofing detection strategies to protect the DNS server by utilizing Software Defined Networking (SDN). In this paper, we present CAuth, a novel mechanism that autonomously block the spoofing packet while authenticate the legitimate query. By manipulating Openflow control message, we design a collaborative approach between client and server network. Whenever a server controller receives query packet, it will send an authentication packet back to the client network and later the client controller also reply via authentication packet back to the server controller. The server controller will only forward the query to the respective server if it receives the replied authentication packet from the client. From the evaluation, CAuth instantly manage to block spoofing query packet while authenticate the legitimate query as soon as the mechanism started.",
author = "Sahri, {N. M.} and Koji Okamura",
year = "2016",
month = "8",
day = "24",
doi = "10.1109/COMPSAC.2016.6",
language = "English",
volume = "2",
pages = "565--570",
booktitle = "Proceedings - 2016 IEEE 40th Annual Computer Software and Applications Conference Workshops, COMPSAC 2016",
publisher = "IEEE Computer Society",
address = "United States",

}

TY - GEN

T1 - Collaborative Spoofing Detection and Mitigation - SDN Based Looping Authentication for DNS Services

AU - Sahri, N. M.

AU - Okamura, Koji

PY - 2016/8/24

Y1 - 2016/8/24

N2 - As DNS packet are mostly UDP-based, make it as a perfect platform for hackers to launch a well-known type of distributed denial of service (DDoS). The purpose of this attack is to saturate the DNS server availability and resources with unwanted DNS query traffic. This type of attack utilizes a large number of botnet and usually perform spoofing on the IP address of the targeted victim. While it is difficult to identify which one is legitimate or attack traffic, we take a different approach for spoofing detection strategies to protect the DNS server by utilizing Software Defined Networking (SDN). In this paper, we present CAuth, a novel mechanism that autonomously block the spoofing packet while authenticate the legitimate query. By manipulating Openflow control message, we design a collaborative approach between client and server network. Whenever a server controller receives query packet, it will send an authentication packet back to the client network and later the client controller also reply via authentication packet back to the server controller. The server controller will only forward the query to the respective server if it receives the replied authentication packet from the client. From the evaluation, CAuth instantly manage to block spoofing query packet while authenticate the legitimate query as soon as the mechanism started.

AB - As DNS packet are mostly UDP-based, make it as a perfect platform for hackers to launch a well-known type of distributed denial of service (DDoS). The purpose of this attack is to saturate the DNS server availability and resources with unwanted DNS query traffic. This type of attack utilizes a large number of botnet and usually perform spoofing on the IP address of the targeted victim. While it is difficult to identify which one is legitimate or attack traffic, we take a different approach for spoofing detection strategies to protect the DNS server by utilizing Software Defined Networking (SDN). In this paper, we present CAuth, a novel mechanism that autonomously block the spoofing packet while authenticate the legitimate query. By manipulating Openflow control message, we design a collaborative approach between client and server network. Whenever a server controller receives query packet, it will send an authentication packet back to the client network and later the client controller also reply via authentication packet back to the server controller. The server controller will only forward the query to the respective server if it receives the replied authentication packet from the client. From the evaluation, CAuth instantly manage to block spoofing query packet while authenticate the legitimate query as soon as the mechanism started.

UR - http://www.scopus.com/inward/record.url?scp=84987957361&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84987957361&partnerID=8YFLogxK

U2 - 10.1109/COMPSAC.2016.6

DO - 10.1109/COMPSAC.2016.6

M3 - Conference contribution

AN - SCOPUS:84987957361

VL - 2

SP - 565

EP - 570

BT - Proceedings - 2016 IEEE 40th Annual Computer Software and Applications Conference Workshops, COMPSAC 2016

PB - IEEE Computer Society

ER -