Title :
Motivation for Behaviour-Based DNS Security: A Taxonomy of DNS-Related Internet Threats
Author :
Chatzis, Nikolaos
Author_Institution :
Fraunhofer Inst. FOKUS, Berlin
Abstract :
The Domain Name System is the largest distributed system in operation today and a critical infrastructure component that can be regarded as one nervous system of the current Internet. Because of its critical role DNS is involved in manifold Internet attacks both against the system itself or other Internet hosts. This paper presents an exhaustive analysis of Internet threats involving the DNS classifying them in three categories: name server vulnerabilities, authenticity and integrity attacks, and consumption attacks. Attacks consuming Internet infrastructure resources are inadequately addressed today and from a network operator perspective they remain the major operational security issue. We show that many consumption attacks cause anomalies in DNS traffic, which implies that behaviour-based security on the name servers is a promising research area against this class of Internet attacks.
Keywords :
Internet; security of data; Domain Name System security; Internet threat; authenticity; consumption attack; distributed system; integrity attack; name server vulnerability; Domain Name System; IP networks; Internet; Manifolds; Nervous system; Network servers; Security; Taxonomy; Telecommunication traffic; Web server;
Conference_Titel :
Emerging Security Information, Systems, and Technologies, 2007. SecureWare 2007. The International Conference on
Conference_Location :
Valencia
Print_ISBN :
978-0-7695-2989-9
DOI :
10.1109/SECUREWARE.2007.4385307
