Abstract: The Domain Name System (DNS) is a vital service for the Internet and for network operations, and in practice it is configured to be reachable through a network's firewalls. Attackers take advantage of this necessarily open configuration to target a network's DNS server and use it as a reflector in Denial of Service (DoS) attacks. Most protection methods, such as intrusion prevention and detection systems, combine tactics such as block lists of suspicious sources and thresholds on traffic volume to detect and defend against DoS flooding attacks. However, these methods are often unsuccessful: block lists and volume thresholds are easily defeated by floods that arrive from many spoofed or distributed sources. In this paper, we propose a new method to sense and protect DNS systems from DoS and Distributed DoS (DDoS) attacks. The main idea of our approach is to distribute the resolution of each DNS request over more than one DNS resolver, so that an attack on a single server does not affect the entire DNS service. Our approach uses Multi-Protocol Label Switching (MPLS) together with multi-path routing to carry the request to the different resolvers, and threshold secret sharing to encode the distributed DNS requests, so that a request can be reconstructed from any sufficient subset of its shares even when some resolvers are unavailable. Our findings and results show that this approach performs better than the traditional DNS structure.
Keywords: DNS, DoS, multipath routing, security, MPLS
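The following is an added illustration of the threshold-secret-sharing idea in the abstract; it is not the paper's implementation and does not model MPLS itself. It splits a DNS query (standard wire format) into n shares with a Shamir (t, n) scheme over GF(2^8), labels each share with a resolver name standing in for a distinct MPLS label-switched path, drops one resolver to simulate a DoS'd server, and reconstructs the query from the remaining t shares. The resolver names, the transaction ID and the query name are constructed for the example; the choice of GF(2^8) Shamir sharing is an assumption, not a claim about the paper's scheme.

```python
import secrets
import struct
from typing import Dict, List, Tuple

# --- GF(2^8) arithmetic (AES reduction polynomial x^8+x^4+x^3+x+1) ---

def gf_mul(a: int, b: int) -> int:
    """Multiply two field elements in GF(2^8)."""
    p = 0
    for _ in range(8):
        if b & 1:
            p ^= a
        carry = a & 0x80
        a = (a << 1) & 0xFF
        if carry:
            a ^= 0x1B
        b >>= 1
    return p


def gf_inv(a: int) -> int:
    """Multiplicative inverse: a^254 == a^-1 in GF(2^8)."""
    if a == 0:
        raise ZeroDivisionError("zero has no inverse")
    result, base, e = 1, a, 254
    while e:
        if e & 1:
            result = gf_mul(result, base)
        base = gf_mul(base, base)
        e >>= 1
    return result


# --- Shamir (t, n) threshold sharing, byte-wise ---

def split_secret(secret: bytes, n: int, t: int) -> Dict[int, bytes]:
    """Return {x: share} for x = 1..n; any t shares reconstruct `secret`."""
    if not 1 <= t <= n <= 255:
        raise ValueError("need 1 <= t <= n <= 255")
    shares = {x: bytearray() for x in range(1, n + 1)}
    for byte in secret:
        # Random polynomial of degree t-1 whose constant term is the secret byte.
        coeffs = [byte] + [secrets.randbelow(256) for _ in range(t - 1)]
        for x in range(1, n + 1):
            y = 0
            for c in reversed(coeffs):      # Horner evaluation at x
                y = gf_mul(y, x) ^ c
            shares[x].append(y)
    return {x: bytes(s) for x, s in shares.items()}


def recover_secret(shares: Dict[int, bytes], t: int) -> bytes:
    """Lagrange-interpolate at x = 0 using the first t shares."""
    if len(shares) < t:
        raise ValueError("fewer than t shares available")
    xs = list(shares)[:t]
    length = len(shares[xs[0]])
    out = bytearray()
    for i in range(length):
        acc = 0
        for xj in xs:
            num, den = 1, 1
            for xm in xs:
                if xm != xj:
                    num = gf_mul(num, xm)          # (0 - x_m) == x_m in char 2
                    den = gf_mul(den, xj ^ xm)     # (x_j - x_m) == x_j xor x_m
            acc ^= gf_mul(shares[xj][i], gf_mul(num, gf_inv(den)))
        out.append(acc)
    return bytes(out)


# --- DNS query construction and distribution over resolvers ---

def build_dns_query(qname: str, txid: int = 0x1234) -> bytes:
    """Standard DNS query for an A record: 12-byte header + QNAME + QTYPE/QCLASS."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, QDCOUNT=1
    labels = b"".join(bytes([len(l)]) + l.encode("ascii")
                      for l in qname.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", 1, 1)  # A, IN


def distribute_query(query: bytes, resolvers: List[str], t: int) -> Dict[str, Tuple[int, bytes]]:
    """Map each resolver (one per path) to its (x, share) of the query."""
    shares = split_secret(query, len(resolvers), t)
    return {name: (x, shares[x]) for x, name in enumerate(resolvers, start=1)}


def reassemble(received: Dict[str, Tuple[int, bytes]], t: int) -> bytes:
    """Rebuild the query from whatever shares arrived from surviving resolvers."""
    return recover_secret({x: share for x, share in received.values()}, t)


if __name__ == "__main__":
    # Constructed scenario: three resolvers on three paths, any two suffice.
    resolvers = ["resolver-a (path 1)", "resolver-b (path 2)", "resolver-c (path 3)"]
    query = build_dns_query("example.com")
    sent = distribute_query(query, resolvers, t=2)
    # Simulate resolver-b being knocked out by a DoS flood.
    alive = {k: v for k, v in sent.items() if k != "resolver-b (path 2)"}
    print("recovered == original:", reassemble(alive, t=2) == query)
```

Any single share is a uniformly random byte string of the query's length, so a resolver that sees only its own share learns nothing about the query; the cost is that each request now occupies n paths and the reassembly point must wait for t of them.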
Sahel Alouneh, 1) German Jordanian University, Amman, Jordan 2) Al Ain University, Abu Dhabi, UAE
Sahel Alouneh is a full professor of electrical and computer engineering. He is currently the program director of the Cybersecurity program in the College of Engineering, Al Ain University, Abu Dhabi campus, UAE, and is on sabbatical leave from the German Jordanian University. Prof. Alouneh obtained his B.Sc. in electrical and computer engineering from Jordan University of Science and Technology (JUST), Jordan, in 2000, and his M.Sc. and Ph.D. from Concordia University, Canada, in 2004 and 2008 respectively. His research interests include computer and communication networks, big data security, cloud computing, software security, MPLS security and recovery, wireless network security, software testing, and computer design and architecture.