MTDNS: Moving Target Defense for Resilient DNS Infrastructure

TL;DR

This paper introduces MTDNS, a resilient DNS infrastructure using Moving Target Defense with SDN and NFV to dynamically redirect traffic, improving attack resilience and reducing latency during DNS flooding attacks.

Contribution

It presents a novel MTD-based DNS defense mechanism leveraging SDN and NFV, with implementation and testing demonstrating improved resilience and performance.

Findings

Higher success rate in DNS query resolution under attack

Significantly reduced average latency during flooding attacks

Effective traffic redirection using SDN and NFV

Abstract

One of the most critical components of the Internet that an attacker could exploit is the DNS (Domain Name System) protocol and infrastructure. Researchers have been constantly developing methods to detect and defend against the attacks against DNS, specifically DNS flooding attacks. However, most solutions discard packets for defensive approaches, which can cause legitimate packets to be dropped, making them highly dependable on detection strategies. In this paper, we propose MTDNS, a resilient MTD-based approach that employs Moving Target Defense techniques through Software Defined Networking (SDN) switches to redirect traffic to alternate DNS servers that are dynamically created and run under the Network Function Virtualization (NFV) framework. The proposed approach is implemented in a testbed environment by running our DNS servers as separate Virtual Network Functions, NFV Manager, SDN switches, and an SDN Controller. The experimental result shows that the MTDNS approach achieves a much higher success rate in resolving DNS queries and significantly reduces average latency even if there is a DNS flooding attack.