MTDNS: Moving Target Defense for Resilient DNS Infrastructure
- URL: http://arxiv.org/abs/2410.02254v1
- Date: Thu, 3 Oct 2024 06:47:16 GMT
- Title: MTDNS: Moving Target Defense for Resilient DNS Infrastructure
- Authors: Abdullah Aydeger, Pei Zhou, Sanzida Hoque, Marco Carvalho, Engin Zeydan,
- Abstract summary: DNS (Domain Name System) is one of the most critical components of the Internet.
Researchers have been constantly developing methods to detect and defend against the attacks against DNS.
Most solutions discard packets for defensive approaches, which can cause legitimate packets to be dropped.
We propose MTDNS, a resilient MTD-based approach that employs Moving Target Defense techniques.
- Score: 2.8721132391618256
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: One of the most critical components of the Internet that an attacker could exploit is the DNS (Domain Name System) protocol and infrastructure. Researchers have been constantly developing methods to detect and defend against the attacks against DNS, specifically DNS flooding attacks. However, most solutions discard packets for defensive approaches, which can cause legitimate packets to be dropped, making them highly dependable on detection strategies. In this paper, we propose MTDNS, a resilient MTD-based approach that employs Moving Target Defense techniques through Software Defined Networking (SDN) switches to redirect traffic to alternate DNS servers that are dynamically created and run under the Network Function Virtualization (NFV) framework. The proposed approach is implemented in a testbed environment by running our DNS servers as separate Virtual Network Functions, NFV Manager, SDN switches, and an SDN Controller. The experimental result shows that the MTDNS approach achieves a much higher success rate in resolving DNS queries and significantly reduces average latency even if there is a DNS flooding attack.
Related papers
- Analysis of Robust and Secure DNS Protocols for IoT Devices [8.574167373120648]
We investigate different DNS security approaches using an edge DNS resolver implemented as a Virtual Network Function (VNF)
We present our results for cache-based and non-cached responses and evaluate the corresponding security benefits.
arXiv Detail & Related papers (2025-02-13T19:16:39Z) - DNSSEC+: An Enhanced DNS Scheme Motivated by Benefits and Pitfalls of DNSSEC [1.8379423176822356]
We introduce DNSSEC+, a novel DNS scheme designed to mitigate the security and privacy vulnerabilities of the DNS resolution process between resolvers and name servers.
We show that for server-side processing latency, resolution time, and CPU usage, DNSSEC+ is comparable to less-secure schemes but significantly outperforms DNS-over-TLS.
arXiv Detail & Related papers (2024-08-02T01:25:14Z) - Guardians of DNS Integrity: A Remote Method for Identifying DNSSEC Validators Across the Internet [0.9319432628663636]
We propose a novel technique for identifying DNSSEC-validating resolvers.
We find that while most open resolvers are DNSSEC-enabled, less than 18% in IPv4 (38% in IPv6) validate received responses.
arXiv Detail & Related papers (2024-05-30T08:58:18Z) - TI-DNS: A Trusted and Incentive DNS Resolution Architecture based on Blockchain [8.38094558878305]
Domain Name System (DNS) is vulnerable to some malicious attacks, including DNS cache poisoning.
This paper presents TI-DNS, a blockchain-based DNS resolution architecture designed to detect and correct the forged DNS records.
TI-DNS is easy to be adopted as it only requires modifications to the resolver side of current DNS infrastructure.
arXiv Detail & Related papers (2023-12-07T08:03:10Z) - Decompose to Adapt: Cross-domain Object Detection via Feature
Disentanglement [79.2994130944482]
We design a Domain Disentanglement Faster-RCNN (DDF) to eliminate the source-specific information in the features for detection task learning.
Our DDF method facilitates the feature disentanglement at the global and local stages, with a Global Triplet Disentanglement (GTD) module and an Instance Similarity Disentanglement (ISD) module.
By outperforming state-of-the-art methods on four benchmark UDA object detection tasks, our DDF method is demonstrated to be effective with wide applicability.
arXiv Detail & Related papers (2022-01-06T05:43:01Z) - Classifying DNS Servers based on Response Message Matrix using Machine
Learning [1.898617934078969]
We propose a detection mechanism for DNS servers used as reflectors by using a DNS server feature matrix built from a small number of packets and a machine learning algorithm.
The F1 score of bad DNS server detection was more than 0.9 when the test and training data are generated within the same day, and more than 0.7 for the data not used for the training and testing phase of the same day.
arXiv Detail & Related papers (2021-11-09T10:20:17Z) - Adversarial Attacks on Deep Learning Based Power Allocation in a Massive
MIMO Network [62.77129284830945]
We show that adversarial attacks can break DL-based power allocation in the downlink of a massive multiple-input-multiple-output (maMIMO) network.
We benchmark the performance of these attacks and show that with a small perturbation in the input of the neural network (NN), the white-box attacks can result in infeasible solutions up to 86%.
arXiv Detail & Related papers (2021-01-28T16:18:19Z) - Optimized Random Forest Model for Botnet Detection Based on DNS Queries [8.641714871787595]
Domain Name System (DNS) protocol has several security vulnerabilities.
One promising solution to detect DNS-based botnet attacks is adopting machine learning (ML) based solutions.
This paper proposes a novel optimized ML-based framework to detect botnets based on their corresponding DNS queries.
arXiv Detail & Related papers (2020-12-16T16:34:11Z) - Practical Detection of Trojan Neural Networks: Data-Limited and
Data-Free Cases [87.69818690239627]
We study the problem of the Trojan network (TrojanNet) detection in the data-scarce regime.
We propose a data-limited TrojanNet detector (TND), when only a few data samples are available for TrojanNet detection.
In addition, we propose a data-free TND, which can detect a TrojanNet without accessing any data samples.
arXiv Detail & Related papers (2020-07-31T02:00:38Z) - Defense against Adversarial Attacks in NLP via Dirichlet Neighborhood
Ensemble [163.3333439344695]
Dirichlet Neighborhood Ensemble (DNE) is a randomized smoothing method for training a robust model to defense substitution-based attacks.
DNE forms virtual sentences by sampling embedding vectors for each word in an input sentence from a convex hull spanned by the word and its synonyms, and it augments them with the training data.
We demonstrate through extensive experimentation that our method consistently outperforms recently proposed defense methods by a significant margin across different network architectures and multiple data sets.
arXiv Detail & Related papers (2020-06-20T18:01:16Z) - DNS Tunneling: A Deep Learning based Lexicographical Detection Approach [1.3701366534590496]
DNS Tunneling is attractive to hackers who exploit it to establish bidirectional communication with machines infected with malware.
The present work proposes a detection approach based on a Convolutional Neural Network (CNN) with a minimal architecture complexity.
Despite its simple architecture, the resulting CNN model correctly detected more than 92% of total Tunneling domains with a false positive rate close to 0.8%.
arXiv Detail & Related papers (2020-06-11T00:10:13Z) - Automating Botnet Detection with Graph Neural Networks [106.24877728212546]
Botnets are now a major source for many network attacks, such as DDoS attacks and spam.
In this paper, we consider the neural network design challenges of using modern deep learning techniques to learn policies for botnet detection automatically.
arXiv Detail & Related papers (2020-03-13T15:34:33Z) - Skip Connections Matter: On the Transferability of Adversarial Examples
Generated with ResNets [83.12737997548645]
Skip connections are an essential component of current state-of-the-art deep neural networks (DNNs)
Use of skip connections allows easier generation of highly transferable adversarial examples.
We conduct comprehensive transfer attacks against state-of-the-art DNNs including ResNets, DenseNets, Inceptions, Inception-ResNet, Squeeze-and-Excitation Network (SENet)
arXiv Detail & Related papers (2020-02-14T12:09:21Z)
This list is automatically generated from the titles and abstracts of the papers in this site.
This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.