Detection of Denial of Service Attacks against Domain Name System Using Neural Networks
Main Author: | |
---|---|
Format: | Thesis |
Language: | English |
Published: | 2009 |
Online Access: | http://psasir.upm.edu.my/id/eprint/7302/1/FK_2009_23a.pdf http://psasir.upm.edu.my/id/eprint/7302/ |
Summary: | Along with the explosive growth of the Internet, the demand for efficient and secure Internet infrastructure has been increasing. For the entire chain of Internet connectivity, the Domain Name System (DNS) provides name-to-address mapping services. Hackers exploit this fact to damage different parts of the Internet. In order to protect this system from different types of attacks, we need to prepare a classification of possible security threats against DNS.
This dissertation focuses on Denial of Service (DoS) attacks as the major security issue in recent years, and gives an overview of techniques used to discover and analyze them. The process of detection and classification of DoS attacks against DNS is presented in two phases in our model. The proposed system architecture consists of a statistical pre-processor and a machine learning engine.
The first step in our work was to generate DNS traffic in normal and attack situations for use as the input of our intrusion detection system (IDS). With prior knowledge of DoS attacks against DNS, we used a network simulator to model DNS traffic with high variability. This reduced the difficulty of creating different attack scenarios in a real environment. The pre-processor processes the collected data statistically and derives the final variable values. These parameters are the inputs of the detector engine.
For the machine learning engine, we aimed to find the optimum machine learning algorithm to be used as an IDS. The performance of our system was measured in terms of detection rate, accuracy, and false alarm rate. The results indicated that the three-layer back-propagation neural network with a 3-7-3 structure provides a detection rate of 99.55% for direct DoS attacks and 97.82% for amplification DoS attacks. It achieves 99% accuracy and an acceptable false alarm rate of 0.28% compared to other types of classifiers. |
---|