Abstract
We present the first defence against DNS-amplification DoS attacks, which is compatible with the common DNS servers configurations and with the (important standard) DNSSEC. We show that the proposed DNS-authentication system is efficient, and effectively prevents DNS-based amplification DoS attacks abusing DNS name servers. We present a gametheoretic model and analysis, predicting a wide-spread adoption of our design, sufficient to reduce the threat of DNS amplification DoS attacks. To further reduce costs and provide additional defences for DNS servers, we show how to deploy our design as a cloud based service.
| Original language | English |
|---|---|
| Pages | 356-365 |
| Number of pages | 10 |
| DOIs | |
| State | Published - 8 Dec 2014 |
| Event | 30th Annual Computer Security Applications Conference, ACSAC 2014 - New Orleans, United States Duration: 8 Dec 2014 → 12 Dec 2014 |
Conference
| Conference | 30th Annual Computer Security Applications Conference, ACSAC 2014 |
|---|---|
| Country/Territory | United States |
| City | New Orleans |
| Period | 8/12/14 → 12/12/14 |
Keywords
- DNS Amplification
- DNS Authentication
- DNS Reflection
- Denial of service attacks
- Source Authentication