Hybrid Detection and Mitigation of DNS Protocol MITM attack based on Firefly algorithm with Elliptical Curve Cryptography
DOI:
https://doi.org/10.4108/eetpht.v8i4.3081
Keywords:
Domain Name Service (DNS), Man in the Middle attack (MITM), DNS MITM attack, Firefly algorithm, Elliptical Curve Cryptography (ECC)
Abstract
A Domain Name Server is a critical Internet component. It enables users to surf the web and send emails. DNS is a database used by millions of computers to determine which address best answers a user’s query. DNS is an unencrypted protocol that may be exploited in numerous ways. The most popular DNS MITM attack uses DNS poisoning to intercept communications and fake them. DNS servers do not verify the IP addresses they forward traffic to. In DNS attacks, the attacker either targets the domain name servers or attempts to exploit system weaknesses. The proposed FFOBLA-ECC model detects the DNS spoofed nodes in a wireless network using the optimized firefly boosted LSTM with the help of TTL and RTR parameters received from the simulation environment, and provides authentication between the nodes in order to mitigate the attack using Elliptical Curve Cryptography. The proposed model results are different from the other methods and yield highly accurate results beyond 98% compared with the existing RF, ARF, and KNN methods.
License
Copyright (c) 2022 Sabitha Banu. A., Dr. G. Padmavathi
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
This is an open access article distributed under the terms of the CC BY-NC-SA 4.0, which permits copying, redistributing, remixing, transformation, and building upon the material in any medium so long as the original work is properly cited.