Countering DNS Amplification Attacks Based on Analysis of Outgoing Traffic
Author affiliations: Sevastopol State University (SevSU), Universitetskaya ul. 33, Sevastopol 99026, Russia; Samara National Research University, Moskovskoe sh. 34, Samara 443086, Russia; University of Missouri-Columbia, 221 Naka Hall, Columbia, MO 65211, USA
Publication: Journal of Communications and Information Networks (通信与信息网络学报, English edition)
Year, volume, issue: 2023, Vol. 8, No. 2
Pages: 111-121
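Subject classification: 12 [Management] 1201 [Management - Management Science and Engineering (degrees in management or engineering may be awarded)] 08 [Engineering] 081201 [Engineering - Computer Architecture] 0812 [Engineering - Computer Science and Technology (degrees in engineering or science may be awarded)]
Funding: Russian Foundation for Basic Research (RFBR) (20-37-90002); Andrei Sukhov acknowledges SevSU for a Research (42-01-09/253/2022-1)
Topics: DNS amplification attacks outgoing traffic analysis port scanning attack network intrusion qualification attributes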
Abstract: Domain name system (DNS) amplification distributed denial of service (DDoS) attacks are one of the popular types of intrusions that involve accessing DNS servers on behalf of the *** this case, the size of the response is many times greater than the size of the request, in which the source of the request is substituted for the address of the *** paper presents an original method for countering DNS amplification DDoS *** novelty of our approach lies in the analysis of outgoing traffic from the victim’s *** servers used for amplification attacks are easily detected in Internet control message protocol (ICMP) packet headers (type 3, code 3) in outgoing *** packets of this type are generated when accessing closed user datagram protocol (UDP) ports of the victim, which are randomly assigned by the Saddam attack *** prevent such attacks, we used a Linux utility and a software-defined network (SDN) module that we previously developed to protect against port *** Linux utility showed the highest efficiency of 99.8%, i.e., only two attack packets out of a thousand reached the victim server.