A defense mechanism against the DNS amplification attack in SDN

Abstract

As one of the most harmful DDoS (distributed deny of service) attacks, the DNS (domain name system) amplification attack has been a big threat to nowadays networks. Researchers have done much work to defend against this kind of attack in traditional networks. The SDN (software defined network) architecture, as a clear indication of future networking architecture, faces the same threat of DNS amplification attack. In this paper, we propose a defense mechanism consisting of three phases. The defense mechanism can easily detect the attacks, protect the victim quickly, then pinpoint all zombies and finally isolate them from the SDN network. Simulation results show that the proposed mechanism detects attacks accurately with low consumption, protects victim with quick response and has little impact on normal DNS queries of victim. Besides, after pinpointing and isolating all zombies in the network, the whole network's recovery speed is increased.