DDoS attack mitigation through Root-DNS Server: a case study

Betty Saridou, Stavros Shiaeles, Basil Papadopoulos

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

Load balancing and IP anycast are traffic routing algorithms used to speed up delivery of the Domain Name System. In case of a DDoS attack or an overload condition, the value of these protocols is critical, as they can provide intrinsic DDoS mitigation with the failover alternatives. In this paper, we present a methodology for predicting the next DNS response in the light of a potential redirection to less busy servers, in order to mitigate the size of the attack. Our experiments were conducted using data from the Nov. 2015 attack of the Root DNS servers and Logistic Regression, k-Nearest Neighbors, Support Vector Machines and Random Forest as our primary classifiers. The models were able to successfully predict up to 83% of responses for Root Letters that operated on a small number of sites and consequently suffered the most during the attacks. On the other hand, regarding DNS requests coming from more distributed Root servers, the models demonstrated lower accuracy. Our analysis showed a correlation between the True Positive Rate metric and the number of sites, as well as a clear need for intelligent management of traffic in load balancing practices.

Original languageEnglish
Title of host publication2019 IEEE World Congress on Services (SERVICES)
EditorsCarl K. Chang, Peter Chen, Michael Goul, Katsunori Oyama, Stephan Reiff-Marganiec, Yanchun Sun, Shangguang Wang, Zhongjie Wang
PublisherIEEE
Pages60-65
Number of pages6
ISBN (Electronic)978-1-7281-3851-0
ISBN (Print)978-1-7281-3852-7
DOIs
Publication statusPublished - 29 Aug 2019
Event2019 IEEE World Congress on Services - Milan, Italy
Duration: 8 Jul 201913 Jul 2019

Publication series

Name2019 IEEE World Congress on Services (SERVICES)
PublisherIEEE
ISSN (Print)2378-3818
ISSN (Electronic)2642-939X

Conference

Conference2019 IEEE World Congress on Services
Abbreviated titleSERVICES 2019
Country/TerritoryItaly
CityMilan
Period8/07/1913/07/19

Keywords

  • Anycast
  • Cyber Security
  • DDoS
  • Domain Name System
  • High availability
  • Load balancing
  • Machine learning
  • Quality of Service
  • RIPE Atlas
  • Root DNS

Fingerprint

Dive into the research topics of 'DDoS attack mitigation through Root-DNS Server: a case study'. Together they form a unique fingerprint.

Cite this