Hybrid Detection and Mitigation of DNS Protocol MITM attack based on Firefly algorithm with Elliptical Curve Cryptography
Keywords: Domain Name Service (DNS), Man in the Middle attack (MITM), DNS MITM attack, Firefly algorithm, Elliptical Curve Cryptography (ECC)
A Domain Name Server is a critical Internet component. It enables users to surf the web and send emails. DNS is a database used by millions of computers to determine which address best answers a user's query. DNS is an unencrypted protocol that may be exploited in numerous ways. The most popular DNS MITM attack uses DNS poisoning to intercept communications and fake them. DNS servers do not verify the IP addresses they forward traffic to. In DNS attacks, the attacker either targets the domain name servers or attempts to exploit system weaknesses. The proposed FFOBLA-ECC model detects DNS-spoofed nodes in a wireless network using the optimized firefly-boosted LSTM, with the help of the TTL and RTR parameters received from the simulation environment, and mitigates the attack by providing authentication between the nodes using Elliptical Curve Cryptography. The proposed model's results differ from those of the other methods and yield highly accurate results beyond 98% compared with the existing RF, ARF, and KNN methods.
Copyright (c) 2022 Sabitha Banu. A., Dr. G. Padmavathi
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
This is an open access article distributed under the terms of the CC BY-NC-SA 4.0, which permits copying, redistributing, remixing, transformation, and building upon the material in any medium so long as the original work is properly cited.