DNS Amplification Based DDoS Attacks in SDN Environment: Detection and Mitigation

Abstract

Domain Name System (DNS) amplification based Distributed Denial of Service (DDoS) attacks have been part of the Internet's history for a long time. Since the inception of Internet protocol, several security measures, improved protocols, and hardware have been developed but there still is not a foolproof way to avoid such DDoS attacks. Attackers have used it to congest networks and servers with the aim of disrupting services which in turn lead to huge financial losses. Software-Defined Network (SDN) environment has evolved as a promising alternative to legacy networks. It essentially gives the underlying network an external controller (brain) which makes respective network layer devices centrally programmable. This gives administrators absolute control over the network, to decide and take action on how each and every packet in the network should move around. It is predicted as the future of computer networking to thwart major cyberattacks with nearly full autonomy on the network. Through this research, it is intended to identify and mitigate DNS Amplification based DDoS attacks in such an environment. A middle-layer third-party solution is proposed to protect an organization's network by offloading the attack to an open flow enabled SDN network. Using a bloom filter as a defense mechanism, detection and mitigation of an attack is done.