Netinfo Security ›› 2019, Vol. 19 ›› Issue (9): 56-60.doi: 10.3969/j.issn.1671-1122.2019.09.012

• Orginal Article • Previous Articles     Next Articles

Mitigating DDoS Attack Based on DNS Response Value Assessment

Qiaoli YUE, Wanbo LV, Weihong HU, Haikuo ZHANG   

  1. China Internet Network Information Center, Beijing 100190, China
  • Received:2019-07-15 Online:2019-09-10 Published:2020-05-11

Abstract:

The prevalent defense mechanisms against DDoS focus on detecting and filtering the attack traffic before it can reach the target host based on the traffic patterns. However, this strategy overlooks the impact of attack traffic on the outbound bandwidth of name servers. In this paper, we proposed a method for assessing DNS response value based on analytic hierarchy process. The authoritative servers can be protected by discarding low-value traffic and prioritizing to serve high-value responses, thereby improving the quality of DNS service.

Key words: DNS response value, amplification attack, DDoS defense

CLC Number: