Hotlist and stale content update mitigation in local databases for DNS flooding attacks
Document Type
Article
Publication Title
Telecommunication Systems
Abstract
The domain name system (DNS) works like a phone book in the Internet address resolution process. It translates user-provided domain names into corresponding IP addresses and thus helps to connect to those domains. For its important role in Internet connectivity and the emerging growth of Internet of Things (IoT) devices, recent massive distributed denial of service (DDoS) flooding attacks target this important infrastructure. The significance behind this kind of attack is huge. A successful DDoS flooding attack in DNS makes hundreds of domain names unreachable. This paper proposes a mitigation mechanism for this DNS flooding attack in which stale content updates and a hotlist in DNS local databases are utilized in local/low-tier DNS servers. This hotlist contains domain records from different upper-level DNS servers, and these domain names are the top most-queried domain names of those servers so that when the DNS is under attack, those domains in the hotlist can still be accessed. This hotlist is implemented using piggyback response messages so as not to cost much overhead. Furthermore, we propose a stale content update method for the DNS local database, which periodically updates the stale contents to keep the database fresh. Simulation runs show good results from this hotlist content, and during an extreme outage for the DNS flooding attack, hotlist contents serve over 80% of the total responses of the database. © 2022, The Author(s), under exclusive licence to Springer Science+Business Media, LLC, part of Springer Nature.
DOI
10.1007/s11235-022-00950-x
Publication Date
9-12-2022
Keywords
Distributed denial of service (DDoS), DNS local database, Domain name system (DNS) flooding attacks, Hotlists, Internet of Things (IoT), IoT attacks, Security, Stale update
Recommended Citation
T. Mahjabin, Y. Xiao, T. Li and M. Guizani, "Hotlist and stale content update mitigation in local databases for DNS flooding attacks", Telecommun Syst, Sept 2022, doi:10.1007/s11235-022-00950-x
Comments
IR Deposit conditions:
OA version (pathway b) Accepted version
12 month embargo
Published source must be acknowledged
Must link to publisher version with DOI
Post-prints are subject to Springer Nature re-use terms