Advertisement

KarmaNet: SDN Solution to DNS-Based Denial-of-Service

  • Govind Mittal
  • Vishal GuptaEmail author
Conference paper
Part of the Communications in Computer and Information Science book series (CCIS, volume 969)

Abstract

Networks are fundamentally designed to efficiently share network resources among end-users. The Internet has facilitated a global communication and computational environment by interconnecting billions of computers. People depend on the Internet to share professional, personal, confidential, and valuable information with other network users. Because of this high dependency of users, attackers often exploit its weaknesses to paralyze crucial and important segments of the Internet. Domain Name System (DNS) is one such segment whose proper functioning is highly crucial for the Internet to function properly. Attackers often exploit vulnerabilities of the Internet and DNS to launch large scale Distributed Denial of Service (DDoS) attacks and disrupt network services. Such DNS based DDoS attacks generally use IP spoofing to bombard target network/host so as to paralyze them with attack packets. In this paper we present a novel DDoS attack prevention mechanism by utilizing the flexibility and programmability aspects of Software Defined Networks (SDN). The principal philosophy used behind it is to route DNS response packets along the same path which was used by corresponding DNS request packet. Such routing is independent of the destination IP address present in the packet. This way, the malicious host responsible for launching DDoS attack will self-destruct itself. The results of the simulation showed that KarmaNet reduced the network delay by 41% when the network was experiencing a DDoS attack. Also, as any security mechanism comes at a cost, simulations of proposed mechanism shows that it also introduced additional delay of 8%–9% in getting DNS responses as compared to current DNS structure.

Keywords

DNS Denial-of-Service Software-defined networking (SDN) Network security 

Notes

Availability

KarmaNet is free and released under the MIT Licence. It is available on GitHub: https://github.com/mittalgovind/KarmaNet-DNS-based-DDoS-Simulation-and-Prevention-Using-SDN.

References

  1. 1.
    Mockapetris, P.: RFC 1034: Domain names: concepts and facilities (November 1987). Status: Standard, 6 (2003)Google Scholar
  2. 2.
    Mockapetris, P.: RFC 1035-Domain names-implementation and specification, November 1987 (2004). http://www.ietf.org/rfc/rfc1035.txt
  3. 3.
    Mirkovic, J., Reiher, P.: A taxonomy of DDoS attack and DDoS defense mechanisms. ACM SIGCOMM Comput. Commun. Rev. 34(2), 39–53 (2004)CrossRefGoogle Scholar
  4. 4.
    McKeown, N.: Software-defined networking. INFOCOM Keynote Talk 17(2), 30–32 (2009)Google Scholar
  5. 5.
    Kirkpatrick, K.: Software-defined networking. Commun. ACM 56(9), 16–19 (2013)CrossRefGoogle Scholar
  6. 6.
    Feamster, N.: Software defined networking (2013). Retrieved from coursera https://class.coursera.org/sdn-001
  7. 7.
    Jain, R., Paul, S.: Network virtualization and software defined networking for cloud computing: a survey. IEEE Commun. Mag. 51(11), 24–31 (2013)CrossRefGoogle Scholar
  8. 8.
    Kreutz, D., Ramos, F.M., Verissimo, P.E., Rothenberg, C.E., Azodolmolky, S., Uhlig, S.: Software-defined networking: a comprehensive survey. Proc. IEEE 103(1), 14–76 (2015)CrossRefGoogle Scholar
  9. 9.
    Roolvink, S.: Detecting attacks involving DNS servers (2008)Google Scholar
  10. 10.
    Guo, F., Chen, J., Chiueh, T.C.: Spoof detection for preventing dos attacks against DNS servers. In: 26th IEEE International Conference on Distributed Computing Systems, ICDCS 2006, pp. 37–37. IEEE (2006)Google Scholar
  11. 11.
    Paxson, V.: An analysis of using reflectors for distributed denial-of-service attacks. ACM SIGCOMM Comput. Commun. Rev. 31(3), 38–47 (2001)CrossRefGoogle Scholar
  12. 12.
    Blacka, D., Laurie, B., Sisson, G., Arends, R.: DNS security (DNSSEC) hashed authenticated denial of existence (2008)Google Scholar
  13. 13.
    Klein, A., Shulman, H., Waidner, M.: Internet-wide study of DNS cache injections. In: INFOCOM 2017-IEEE Conference on Computer Communications, pp. 1–9. IEEE, May 2017Google Scholar
  14. 14.
    Specht, S.M., Lee, R.B.: Distributed denial of service: taxonomies of attacks, tools, and countermeasures. In: ISCA PDCS, pp. 543–550, September 2004Google Scholar
  15. 15.
    Somani, G., Gaur, M.S., Sanghi, D., Conti, M., Buyya, R.: DDoS attacks in cloud computing: issues, taxonomy, and future directions. Comput. Commun. 107, 30–48 (2017)CrossRefGoogle Scholar
  16. 16.
    Krämer, L., et al.: AmpPot: monitoring and defending against amplification DDoS attacks. In: Bos, H., Monrose, F., Blanc, G. (eds.) RAID 2015. LNCS, vol. 9404, pp. 615–636. Springer, Cham (2015).  https://doi.org/10.1007/978-3-319-26362-5_28CrossRefGoogle Scholar
  17. 17.
    Rossow, C.: Amplification hell: revisiting network protocols for DDoS abuse. In: NDSS, February 2014Google Scholar
  18. 18.
    Fouladi, R.F., Kayatas, C.E., Anarim, E.: Frequency based DDoS attack detection approach using naive Bayes classification. In: 2016 39th International Conference on Telecommunications and Signal Processing (TSP), pp. 104–107. IEEE, June 2016Google Scholar
  19. 19.
    Yan, Q., Yu, F.R., Gong, Q., Li, J.: Software-defined networking (SDN) and distributed denial of service (DDoS) attacks in cloud computing environments: a survey, some research issues, and challenges. IEEE Commun. Surv. Tutorials 18(1), 602–622 (2016)CrossRefGoogle Scholar
  20. 20.
    Lim, S., Ha, J., Kim, H., Kim, Y., Yang, S.: A SDN-oriented DDoS blocking scheme for botnet-based attacks. In: 2014 Sixth International Conf on Ubiquitous and Future Networks (ICUFN), pp. 63–68. IEEE, July 2014Google Scholar
  21. 21.
    Belyaev, M., Gaivoronski, S.: Towards load balancing in SDN-networks during DDoS-attacks. In: 2014 First International Science and Technology Conference (Modern Networking Technologies) (MoNeTeC), pp. 1–6. IEEE, October 2014Google Scholar
  22. 22.
    Bawany, N.Z., Shamsi, J.A., Salah, K.: DDoS attack detection and mitigation using SDN: methods, practices, and solutions. Arab. J. Sci. Eng. 42(2), 425–441 (2017)CrossRefGoogle Scholar
  23. 23.
    Kim, S., Lee, S., Cho, G., Ahmed, M.E., Jeong, J.P., Kim, H.: Preventing DNS amplification attacks using the history of DNS queries with SDN. In: Foley, S.N., Gollmann, D., Snekkenes, E. (eds.) ESORICS 2017. LNCS, vol. 10493, pp. 135–152. Springer, Cham (2017).  https://doi.org/10.1007/978-3-319-66399-9_8CrossRefGoogle Scholar
  24. 24.

Copyright information

© Springer Nature Singapore Pte Ltd. 2019

Authors and Affiliations

  1. 1.Department of Computer Science and Information SystemsBirla Institute of Technology and Science, PilaniPilaniIndia

Personalised recommendations