Impact Evaluation of DDoS Attacks on DNS Cache Server Using Queuing Model

  • Wang, Zheng (Computer Network Information Center, Chinese Academy of Sciences)
  • Tseng, Shian-Shyong (Department of Information Science and Applications, Asia University)
  • Received : 2012.11.06
  • Accepted : 2013.04.02
  • Published : 2013.04.30

Abstract

Distributed Denial-of-Service (DDoS) attacks on name servers of the Domain Name System (DNS) have threatened to disrupt this critical service. This paper studies the vulnerability of the cache server to flooding DNS query traffic. Because the cache server provides a resolution service, incoming DNS requests, including massive attack traffic, are held in its waiting queue. Each request stays in the queue until the corresponding response is returned from the authoritative server or the request times out. The victim cache server is thus overloaded by the pounding traffic and subsequently goes down. The impact of such attacks is analyzed by modeling the queuing processes in both the cache server and the authoritative server. Some specific constraints hold for this practical dual queuing process, such as the limited sojourn time in the queue of the cache server and the independence of the two queuing processes. Analytical results are presented to evaluate the impact of DDoS attacks on the cache server. Finally, numerical results are provided for further analysis.
