
Hotlist and stale content update mitigation in local databases for DNS flooding attacks

Telecommunication Systems

Abstract

The Domain Name System (DNS) works like a phone book in the Internet address resolution process. It translates user-provided domain names into the corresponding IP addresses and thus helps clients connect to those domains. Because of its important role in Internet connectivity and the growing number of Internet of Things (IoT) devices, recent massive distributed denial of service (DDoS) flooding attacks have targeted this infrastructure. The impact of this kind of attack is huge: a successful DDoS flooding attack on DNS makes hundreds of domain names unreachable. This paper proposes a mitigation mechanism for DNS flooding attacks in which stale content updates and a hotlist in DNS local databases are used in local/low-tier DNS servers. The hotlist contains domain records from different upper-level DNS servers; these are the most queried domain names of those servers, so that when the DNS is under attack, the domains in the hotlist can still be accessed. The hotlist is implemented using piggyback response messages to keep the overhead low. Furthermore, we propose a stale content update method for the DNS local database, which periodically updates stale contents to keep the database fresh. Simulation runs show good results from the hotlist content: during an extreme outage caused by a DNS flooding attack, hotlist contents serve over \(80\%\) of the total responses of the database.
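A minimal simulation of the mechanism the abstract describes, added here as an illustration and not taken from the paper. The class names, the 60-second TTL, the hotlist size of 2, the pre-seeded query counts and the rule that only unexpired local records are served are all assumptions.

```python
class Upstream:
    """Constructed stand-in for an upper-level DNS server (hypothetical model)."""
    def __init__(self, zone, hits, hot_n=2):
        self.zone, self.hits, self.hot_n, self.up = zone, dict(hits), hot_n, True
    def query(self, name):
        if not self.up:
            raise TimeoutError("upstream unreachable (flooded)")
        self.hits[name] = self.hits.get(name, 0) + 1
        top = sorted(self.hits, key=self.hits.get, reverse=True)[:self.hot_n]
        # Piggyback the most-queried records on the ordinary answer.
        return self.zone[name], {n: self.zone[n] for n in top if n != name}

class LocalResolver:
    def __init__(self, upstream):
        self.upstream, self.db = upstream, {}  # name -> (ip, expires_at, hot)

    def _store(self, name, rec, now, hot):
        was_hot = name in self.db and self.db[name][2]
        self.db[name] = (rec[0], now + rec[1], hot or was_hot)

    def resolve(self, name, now):
        entry = self.db.get(name)
        if entry and entry[1] > now:  # fresh local record, no upstream needed
            return entry[0], "hotlist" if entry[2] else "cache"
        try:
            rec, extra = self.upstream.query(name)
        except TimeoutError:
            return None, "fail"
        self._store(name, rec, now, False)
        for n, r in extra.items():  # piggybacked records populate the hotlist
            self._store(n, r, now, True)
        return rec[0], "upstream"

    def refresh_stale(self, now):
        """Periodic job: re-fetch expired records while upstream is reachable."""
        stale = [n for n, e in self.db.items() if e[1] <= now] if self.upstream.up else []
        for n in stale:
            self._store(n, self.upstream.query(n)[0], now, False)
        return len(stale)

def demo():
    # Constructed records (documentation address range), TTL 60 s each.
    zone = {f"{n}.example": (f"192.0.2.{i}", 60) for i, n in enumerate(("popular", "news", "rare", "other"), 10)}
    up = Upstream(zone, {"popular.example": 50, "news.example": 40})
    r = LocalResolver(up)
    first = r.resolve("rare.example", 0)   # one lookup; piggyback fills the hotlist
    refreshed = r.refresh_stale(70)        # all three local records expired at t=60
    up.up = False                          # flooding attack starts
    during = [r.resolve(n, 100) for n in ("popular.example", "rare.example", "other.example")]
    return first, refreshed, during
```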

Funding

The authors have not disclosed any funding.

Author information

Corresponding author

Correspondence to Yang Xiao.

Ethics declarations

Conflict of interest

The authors have not disclosed any conflict of interest.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Springer Nature or its licensor holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.

Cite this article

Mahjabin, T., Xiao, Y., Li, T. et al. Hotlist and stale content update mitigation in local databases for DNS flooding attacks. Telecommun Syst 81, 417–430 (2022). https://doi.org/10.1007/s11235-022-00950-x

  • DOI: https://doi.org/10.1007/s11235-022-00950-x
