LEVERAGING SDN AND NFV FOR DNS AMPLIFICATION OR REFLECTION ATTACK DETECTION AND MITIGATION

Nesary, Mohammad Mashud

01 August 2023

Domain Name System (DNS) is virtually the distributed directory of the Internet for obtaining the Internet Protocol (IP) addresses to access web resources. DNS has always been one of the prime targets for cyber attackers either to inundate different types of DNS servers with attack traffic and false records or to exploit the DNS protocol to perform targeted attacks to user machines. DNS amplification or reflection attacks are some of the most fundamental types of DNS specific Denial-of-Service (DoS) attacks. In this type of attack, users are denied service as the server needs to process spoofed DNS query from the attackers and victim machines receive unsolicited DNS response. Software Defined Networking (SDN) and Network Function Virtualization (NFV) are the technological breakthroughs which have brought transformational change in operating and maintaining network services. These have also opened new avenues to deal with those cyber-attacks along with introducing a whole new set of security threats or vulnerabilities that need to be taken care of. In this paper, we propose detection and mitigation strategies to combat DNS amplification or reflection attacks leveraging the functionalities of both SDN and NFV. We reviewed the existing literature of related approaches, incorporated Moving Target Defense (MTD) techniques into the security solutions, discussed the deployment options of vDNS (Virtual DNS) servers, and elaborated on the security issues involved with SDN and NFV. This work could potentially augment the security of the DNS infrastructure while improving the scalability and agility and provide future direction in research and practice.

DNS

DNS Amplification Attack

NFV

SDN

vDNS