Formal Analysis of the DNS Bandwidth Amplification Attack and Its Countermeasures Using Probabilistic Model Checking

@article{Deshpande2011FormalAO,
  title={Formal Analysis of the DNS Bandwidth Amplification Attack and Its Countermeasures Using Probabilistic Model Checking},
  author={Tushar Deshpande and Panagiotis Katsaros and Stylianos Basagiannis and Scott A. Smolka},
  journal={2011 IEEE 13th International Symposium on High-Assurance Systems Engineering},
  year={2011},
  pages={360-367}
}
The DNS Bandwidth Amplification Attack (BAA) is a distributed denial-of-service attack in which a network of computers floods a DNS server with responses to requests that have never been made. Amplification enters into the attack by virtue of the fact that a small 60-byte request can be answered by a substantially larger response of 4,000 bytes or more in size. We use the PRISM probabilistic model checker to introduce a Continuous Time Markov Chain model of the DNS BAA and three recently… CONTINUE READING

Similar Papers

Citations

Publications citing this paper.
SHOWING 1-10 OF 13 CITATIONS

Detecting DNS Reflection Amplification DDoS Attack Originating from the Cloud

  • 2018 13th International Conference on Computer Engineering and Systems (ICCES)
  • 2018
VIEW 2 EXCERPTS
CITES BACKGROUND

Formal Methods for Energy-Efficient EPONs

  • IEEE Transactions on Green Communications and Networking
  • 2018
VIEW 1 EXCERPT
CITES BACKGROUND

Quantitative analysis of firewall security under DDoS attacks in smart grid AMI networks

  • 2017 IEEE 3rd International Conference on Electro-Technology for National Development (NIGERCON)
  • 2017
VIEW 1 EXCERPT
CITES BACKGROUND

A Behavior-Based Method for Detecting DNS Amplification Attacks

  • 2016 10th International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing (IMIS)
  • 2016
VIEW 1 EXCERPT
CITES BACKGROUND

Stopping Amplified DNS DDoS Attacks through Distributed Query Rate Sharing

  • 2016 11th International Conference on Availability, Reliability and Security (ARES)
  • 2016
VIEW 1 EXCERPT
CITES BACKGROUND

Infer Gene Regulatory Networks from Time Series Data with Probabilistic Model Checking

  • 2015 IEEE/ACM 3rd FME Workshop on Formal Methods in Software Engineering
  • 2015
VIEW 1 EXCERPT
CITES BACKGROUND

References

Publications referenced by this paper.
SHOWING 1-10 OF 31 REFERENCES

The Futility of DNSSec

VIEW 5 EXCERPTS
HIGHLY INFLUENTIAL

Formal analysis of the Kaminsky DNS cache-poisoning attack using probabilistic model checking

N. Alexiou, T. Deshpande, S. Basagiannis, P. Katsaros, S. A. Smolka
  • IEEE 12th Int. Symposium on High-Assurance Systems Engineering (HASE’10), 2010, pp. 94–103.
  • 2010
VIEW 1 EXCERPT

DNS Measurements at the .CN TLD Servers

  • 2009 Sixth International Conference on Fuzzy Systems and Knowledge Discovery
  • 2009
VIEW 1 EXCERPT