KarmaNet: SDN Solution to DNS-Based Denial-of-Service

  • Conference paper
Security in Computing and Communications (SSCC 2018)

Part of the book series: Communications in Computer and Information Science (CCIS, volume 969)

  • 1471 Accesses

Abstract

Networks are fundamentally designed to share network resources efficiently among end users. The Internet has facilitated a global communication and computational environment by interconnecting billions of computers. People depend on the Internet to share professional, personal, confidential, and valuable information with other network users. Because of this high dependency, attackers often exploit its weaknesses to paralyze crucial segments of the Internet. The Domain Name System (DNS) is one such segment, and its proper functioning is essential for the Internet to work. Attackers often exploit vulnerabilities of the Internet and DNS to launch large-scale Distributed Denial of Service (DDoS) attacks and disrupt network services. Such DNS-based DDoS attacks generally use IP spoofing to bombard the target network or host with attack packets and paralyze it. In this paper we present a novel DDoS attack prevention mechanism that uses the flexibility and programmability of Software Defined Networks (SDN). Its principle is to route each DNS response packet along the same path that the corresponding DNS request packet used. Such routing is independent of the destination IP address present in the packet. This way, the malicious host responsible for launching the DDoS attack will self-destruct. The results of the simulation showed that KarmaNet reduced the network delay by 41% when the network was experiencing a DDoS attack. As any security mechanism comes at a cost, simulations of the proposed mechanism show that it also introduced an additional delay of 8%–9% in getting DNS responses compared to the current DNS structure.
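A minimal model of the routing idea in the abstract, added here as an illustration and not taken from the paper or the KarmaNet repository. The three-switch topology, IP addresses, transaction ID and function names are constructed, and keying per-switch state on the DNS transaction ID is an assumption about how a response is matched to its request.

```python
from collections import deque

# Constructed topology: node -> neighbours (one host behind each edge switch).
TOPOLOGY = {
    "attacker": ["s1"], "victim": ["s2"], "resolver": ["s3"],
    "s1": ["attacker", "s3"], "s2": ["victim", "s3"],
    "s3": ["s1", "s2", "resolver"],
}
SWITCHES = {"s1", "s2", "s3"}
HOST_IP = {"attacker": "10.0.0.66", "victim": "10.0.0.7", "resolver": "10.0.0.53"}
IP_HOST = {ip: host for host, ip in HOST_IP.items()}

def shortest_path(src, dst):
    """BFS path, standing in for ordinary destination-based forwarding."""
    queue, seen = deque([[src]]), {src}
    while queue:
        path = queue.popleft()
        if path[-1] == dst:
            return path
        for nxt in TOPOLOGY[path[-1]]:
            if nxt not in seen:
                seen.add(nxt)
                queue.append(path + [nxt])
    raise ValueError(f"no path {src} -> {dst}")

def send_query(sender, claimed_src_ip, txid, ingress_table):
    """Carry a DNS query to the resolver; each switch records the hop it came from."""
    path = shortest_path(sender, "resolver")
    for prev_hop, node in zip(path, path[1:]):
        if node in SWITCHES:
            ingress_table[(node, txid)] = prev_hop
    return {"txid": txid, "reply_to_ip": claimed_src_ip, "last_switch": path[-2]}

def deliver_by_destination(query):
    """Conventional routing: the response follows its destination IP."""
    return shortest_path("resolver", IP_HOST[query["reply_to_ip"]])[-1]

def deliver_by_reverse_path(query, ingress_table):
    """Reverse-path routing: each switch forwards to the recorded ingress hop."""
    node = query["last_switch"]
    while node in SWITCHES:
        node = ingress_table.pop((node, query["txid"]))  # state is used once
    return node

def simulate(sender, claimed_src_ip, txid=0x1A2B):
    """Return (receiver under destination routing, receiver under reverse-path routing)."""
    table = {}
    query = send_query(sender, claimed_src_ip, txid, table)
    return deliver_by_destination(query), deliver_by_reverse_path(query, table)
```

With a spoofed source address the two forwarding rules disagree about who receives the response; for an honest query they agree.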

Availability

KarmaNet is free and released under the MIT Licence. It is available on GitHub: https://github.com/mittalgovind/KarmaNet-DNS-based-DDoS-Simulation-and-Prevention-Using-SDN.

Author information

Corresponding author

Correspondence to Vishal Gupta.

Copyright information

© 2019 Springer Nature Singapore Pte Ltd.

About this paper

Cite this paper

Mittal, G., Gupta, V. (2019). KarmaNet: SDN Solution to DNS-Based Denial-of-Service. In: Thampi, S., Madria, S., Wang, G., Rawat, D., Alcaraz Calero, J. (eds) Security in Computing and Communications. SSCC 2018. Communications in Computer and Information Science, vol 969. Springer, Singapore. https://doi.org/10.1007/978-981-13-5826-5_33

  • DOI: https://doi.org/10.1007/978-981-13-5826-5_33

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-13-5825-8

  • Online ISBN: 978-981-13-5826-5

  • eBook Packages: Computer Science, Computer Science (R0)
