Paper Abstract and Keywords |
Presentation |
2016-03-03 13:00
Collaborative Spoofing Detection and Mitigation - SDN based looping authentication for DNS services Nor Masri bin Sahri, Koji Okamura (Kyushu University) SITE2015-58 IA2015-90 |
Abstract |
(in Japanese) |
(See Japanese page) |
(in English) |
As DNS packet are mostly UDP-based, make it as a perfect platform for hackers to launch a well-known type of distributed denial of service (DDoS). The purpose of this attack is to saturate the DNS server availability and resources with ?unwanted? DNS query traffic. This type of attack utilizes a large number of botnet and usually perform spoofing on the IP address of the targeted victim. While it is difficult to identify which one is legitimate or attack traffic, we take a different approach for spoofing detection and mitigation strategies to protect the DNS server by utilizing Software Defined Networking (SDN). In this paper, we present CAuth, a novel mechanism that autonomously block the spoofing query packet while authenticate the legitimate query. By manipulating Openflow control message, we design a collaborative approach between client and server network. Whenever a server controller receives query packet, it will send an authentication packet back to the client network and later the client controller also reply via authentication packet back to the server controller. The server controller will only forward the query to the respective server if it receives the replied authentication packet from the client. Most notably, our mechanism designed with no changes in existing DNS application and Openflow protocol. From the evaluation, CAuth instantly manage to block 100% spoofing query packet as soon as the mechanism started. |
Keyword |
(in Japanese) |
(See Japanese page) |
(in English) |
spoofing detection / dns flooding attack / authentication / network security / openflow / SDN / / |
Reference Info. |
IEICE Tech. Rep., vol. 115, no. 482, IA2015-90, pp. 55-60, March 2016. |
Paper # |
IA2015-90 |
Date of Issue |
2016-02-25 (SITE, IA) |
ISSN |
Print edition: ISSN 0913-5685 Online edition: ISSN 2432-6380 |
Copyright and reproduction |
All rights are reserved and no part of this publication may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopy, recording, or any information storage and retrieval system, without permission in writing from the publisher. Notwithstanding, instructors are permitted to photocopy isolated articles for noncommercial classroom use without fee. (License No.: 10GA0019/12GB0052/13GB0056/17GB0034/18GB0034) |
Download PDF |
SITE2015-58 IA2015-90 |
Conference Information |
Committee |
IA SITE IPSJ-IOT |
Conference Date |
2016-03-03 - 2016-03-04 |
Place (in Japanese) |
(See Japanese page) |
Place (in English) |
Nijino-Matsubara Hotel (Karatsu-shi, Saga-prefecture) |
Topics (in Japanese) |
(See Japanese page) |
Topics (in English) |
Internet and Information Ethics Education, etc. |
Paper Information |
Registration To |
IA |
Conference Code |
2016-03-IA-SITE-IOT |
Language |
English |
Title (in Japanese) |
(See Japanese page) |
Sub Title (in Japanese) |
(See Japanese page) |
Title (in English) |
Collaborative Spoofing Detection and Mitigation - SDN based looping authentication for DNS services |
Sub Title (in English) |
|
Keyword(1) |
spoofing detection |
Keyword(2) |
dns flooding attack |
Keyword(3) |
authentication |
Keyword(4) |
network security |
Keyword(5) |
openflow |
Keyword(6) |
SDN |
Keyword(7) |
|
Keyword(8) |
|
1st Author's Name |
Nor Masri bin Sahri |
1st Author's Affiliation |
Kyushu University (Kyushu University) |
2nd Author's Name |
Koji Okamura |
2nd Author's Affiliation |
Kyushu University (Kyushu University) |
3rd Author's Name |
|
3rd Author's Affiliation |
() |
4th Author's Name |
|
4th Author's Affiliation |
() |
5th Author's Name |
|
5th Author's Affiliation |
() |
6th Author's Name |
|
6th Author's Affiliation |
() |
7th Author's Name |
|
7th Author's Affiliation |
() |
8th Author's Name |
|
8th Author's Affiliation |
() |
9th Author's Name |
|
9th Author's Affiliation |
() |
10th Author's Name |
|
10th Author's Affiliation |
() |
11th Author's Name |
|
11th Author's Affiliation |
() |
12th Author's Name |
|
12th Author's Affiliation |
() |
13th Author's Name |
|
13th Author's Affiliation |
() |
14th Author's Name |
|
14th Author's Affiliation |
() |
15th Author's Name |
|
15th Author's Affiliation |
() |
16th Author's Name |
|
16th Author's Affiliation |
() |
17th Author's Name |
|
17th Author's Affiliation |
() |
18th Author's Name |
|
18th Author's Affiliation |
() |
19th Author's Name |
|
19th Author's Affiliation |
() |
20th Author's Name |
|
20th Author's Affiliation |
() |
Speaker |
Author-1 |
Date Time |
2016-03-03 13:00:00 |
Presentation Time |
25 minutes |
Registration for |
IA |
Paper # |
SITE2015-58, IA2015-90 |
Volume (vol) |
vol.115 |
Number (no) |
no.481(SITE), no.482(IA) |
Page |
pp.55-60 |
#Pages |
6 |
Date of Issue |
2016-02-25 (SITE, IA) |
|