DDoS Attack Mitigation through Root-DNS Server: A Case Study

Title: DDoS Attack Mitigation through Root-DNS Server: A Case Study
Publication Type: Conference Paper
Year of Publication: 2019
Authors: Saridou, Betty; Shiaeles, Stavros; Papadopoulos, Basil
Conference Name: 2019 IEEE World Congress on Services (SERVICES)
ISBN Number: 978-1-7281-3851-0
Keywords: anycast, Computer crime, computer network security, cyber security, DDoS, DDoS attack mitigation, domain name system, high availability, IP anycast, IP networks, k-nearest neighbors, load balancing, Load management, logistic regression, machine learning, Metrics, Predictive models, predictive security metrics, Probes, pubcrawl, quality of service, Random Forest, resource allocation, RIPE Atlas, root dns, root-DNS server, Routing protocols, Servers, Support vector machines, telecommunication traffic, traffic routing algorithms, true positive rate metric

Load balancing and IP anycast are traffic routing algorithms used to speed up delivery of the Domain Name System. In case of a DDoS attack or an overload condition, the value of these protocols is critical, as they can provide intrinsic DDoS mitigation with the failover alternatives. In this paper, we present a methodology for predicting the next DNS response in the light of a potential redirection to less busy servers, in order to mitigate the size of the attack. Our experiments were conducted using data from the Nov. 2015 attack of the Root DNS servers and Logistic Regression, k-Nearest Neighbors, Support Vector Machines and Random Forest as our primary classifiers. The models were able to successfully predict up to 83% of responses for Root Letters that operated on a small number of sites and consequently suffered the most during the attacks. On the other hand, regarding DNS requests coming from more distributed Root servers, the models demonstrated lower accuracy. Our analysis showed a correlation between the True Positive Rate metric and the number of sites, as well as a clear need for intelligent management of traffic in load balancing practices.

Citation Key: saridou_ddos_2019