DDoS attack mitigation through Root-DNS Server: a case study

Betty Saridou, Stavros Shiaeles, Basil Papadopoulos

Research output: Chapter in Book/Report/Conference proceedingConference contribution


Load balancing and IP anycast are traffic routing algorithms used to speed up delivery of the Domain Name System. In case of a DDoS attack or an overload condition, the value of these protocols is critical, as they can provide intrinsic DDoS mitigation with the failover alternatives. In this paper, we present a methodology for predicting the next DNS response in the light of a potential redirection to less busy servers, in order to mitigate the size of the attack. Our experiments were conducted using data from the Nov. 2015 attack of the Root DNS servers and Logistic Regression, k-Nearest Neighbors, Support Vector Machines and Random Forest as our primary classifiers. The models were able to successfully predict up to 83% of responses for Root Letters that operated on a small number of sites and consequently suffered the most during the attacks. On the other hand, regarding DNS requests coming from more distributed Root servers, the models demonstrated lower accuracy. Our analysis showed a correlation between the True Positive Rate metric and the number of sites, as well as a clear need for intelligent management of traffic in load balancing practices.

Original languageEnglish
Title of host publication2019 IEEE World Congress on Services (SERVICES)
EditorsCarl K. Chang, Peter Chen, Michael Goul, Katsunori Oyama, Stephan Reiff-Marganiec, Yanchun Sun, Shangguang Wang, Zhongjie Wang
PublisherInstitute of Electrical and Electronics Engineers Inc.
Number of pages6
ISBN (Electronic)978-1-7281-3851-0
ISBN (Print)978-1-7281-3852-7
Publication statusPublished - 29 Aug 2019
Event2019 IEEE World Congress on Services - Milan, Italy
Duration: 8 Jul 201913 Jul 2019

Publication series

Name2019 IEEE World Congress on Services (SERVICES)
ISSN (Print)2378-3818
ISSN (Electronic)2642-939X


Conference2019 IEEE World Congress on Services
Abbreviated titleSERVICES 2019


  • Anycast
  • Cyber Security
  • DDoS
  • Domain Name System
  • High availability
  • Load balancing
  • Machine learning
  • Quality of Service
  • RIPE Atlas
  • Root DNS


Dive into the research topics of 'DDoS attack mitigation through Root-DNS Server: a case study'. Together they form a unique fingerprint.

Cite this