DOI: 10.1145/2980258.2980431
research-article

Detection of DDoS DNS Amplification Attack Using Classification Algorithm

Published: 25 August 2016

Editorial Notes

NOTICE OF CONCERN: ACM has received evidence that casts doubt on the integrity of the peer review process for the ICIA 2016 Conference. As a result, ACM is issuing a Notice of Concern for all papers published and strongly suggests that the papers from this Conference not be cited in the literature until ACM's investigation has concluded and final decisions have been made regarding the integrity of the peer review process for this Conference.

ABSTRACT

The Domain Name System (DNS) is a fundamental element of Internet technology, as it translates domain names into their corresponding IP addresses. DNS queries and responses are based on UDP (User Datagram Protocol). DNS name servers constantly face the threat of DNS amplification attacks, one of the major Distributed Denial of Service (DDoS) attacks on DNS. DNS amplification attacks have victimized large business and financial companies and organizations by disrupting service to their customers. In this paper, a mechanism is proposed to detect such attacks coming from compromised machines. We comparatively analysed DNS traffic packets using Machine Learning classification algorithms such as Decision Tree (TREE), Multi Layer Perceptron (MLP), Naïve Bayes (NB) and Support Vector Machine (SVM) to classify DNS traffic as normal or abnormal. In this approach, attribute selection algorithms such as Information Gain, Gain Ratio and Chi Square are used to obtain an optimal feature subset. The experimental results show that the Decision Tree achieved 99.3% accuracy. This model gives the highest accuracy and performance compared to the other Machine Learning algorithms.

  • Published in

    ICIA-16: Proceedings of the International Conference on Informatics and Analytics
    August 2016
    868 pages
    ISBN: 9781450347563
    DOI: 10.1145/2980258

    Copyright © 2016 ACM


    Publisher

    Association for Computing Machinery

    New York, NY, United States


    Qualifiers

    • research-article
    • Research
    • Refereed limited
