Detection of DNS DDoS Attacks with Random Forest Algorithm on Spark

https://doi.org/10.1016/j.procs.2018.07.177
Under a Creative Commons license
open access

Abstract

The Domain Name System (DNS) is one of the most foundational and essential services on the Internet, so its security and robustness are of great significance. However, the stable operation of DNS has been threatened by Distributed Denial of Service (DDoS) attacks for quite a long time, especially as the number of registered names under .CN was over 20 million on November 11, 2016. According to our observation, the frequency of volume-based DDoS attacks has increased rapidly in recent years, and when an attack happened, not only were the authoritative servers affected, but the servers of the Top Level Domain (TLD) also suffered a lot. In this paper, a model based on Random Forest[1] is applied to traffic classification with an accuracy of 99.2% on Spark. The result shows that the model could be used to deal with large-scale DNS query flows and is fast enough to be used in practice.

Keywords

DNS
DDoS
Traffic Filtering
Random Forest Algorithm
Spark
