SDN-based Detection and Mitigation System for DNS Amplification Attacks

Abstract

DNS amplification is a type of reflection-based DDoS attacks, and they are very hazardous for the reliability of victims within the network. To prevent or mitigate such attacks, a significant amount of work is being done both on conventional networks and on SDN-based networks. This study aimed to detect and reduce the effects of DNS amplification attacks in SDN-based with the developed system. This system aims to monitor the variations in the amplification factor and TTL header to initiate mitigation and sustain the victim's life. It also ensures that legitimate packets are not suspected in the process. In doing so, it is aimed to generate alarms and mitigation by using the central management feature of SDN, by writing the metrics into a time series database immediately. Experimental results show that this system can be used SDN-based networks and prevent an attack in reactively. It has also been observed that it can be used not only for DNS amplification attacks but also for other UDP-based amplification/reflection attacks. © 2020 Elsevier B.V., All rights reserved.