Funding Source: DHS S&T cooperative agreement FA8750-19-2-0004. Period of performance: November 1, 2018 - October 31, 2022.
The Domain Name System (DNS) is one of the core Internet services. It provides the vital function of translating human-readable domain names into IP addresses and supports most Internet applications, commercial content distribution platforms, and many security services. Distributed Denial of Service (DDoS) attacks against the DNS can therefore have devastating effects.
Rigorous and systematic measurement and analysis are essential for quantifying the risks of DDoS attacks against DNS and the benefits of proposed solutions. In this project we seek to develop and extend tools that generate actionable intelligence to support protecting the DNS against DDoS attacks, including, wherever possible, preventing such attacks before they occur. To attain this objective, we will:
- perform a systematic analysis of vulnerabilities in the current DNS using comprehensive active DNS measurement data from the OpenINTEL project that covers 60% of the global DNS name space;
- analyze the DNS DDoS ecosystem, identifying attack sources, targets, and characteristics;
- synthesize the resulting insights into a coherent unified view that considers both ongoing attacks and current vulnerabilities.
The results of this project will provide recommendations for protective measures that would help to minimize the risk and impact of DDoS attacks as well as yield clear guidance for improving DNS resilience.
Statement of Work
| Task | Description | Deliverable | Lead | Due date | Status |
|---|---|---|---|---|---|
| **Year 1: Identifying DNS Single-Points-of-Failure Vulnerabilities** | | | | | |
| 1.1 | Background research on DNS vulnerabilities | Report | Univ. of Twente | Jan 31, 2019 | done |
| 1.2 | Identify DNS single-points-of-failure | Report | Univ. of Twente | Oct 31, 2019 | |
| **Year 2: Data, DNS Vulnerabilities and the DNS DDoS Ecosystem** | | | | | |
| 2.1 | Develop strategies to make OpenINTEL data available via IMPACT | Report | CAIDA | Apr 30, 2020 | |
| 2.2 | Design and prototype DNSAttackStream | Software | CAIDA | Sep 30, 2020 | |
| 2.3 | Identify DNS resilience vulnerabilities to DDoS attacks | Report | Univ. of Twente | Apr 30, 2020; Oct 31, 2020 | |
| **Year 3: Designing and Prototyping MADDVIPR** | | | | | |
| 3.1 | Describe actionable information to be provided as output | Report | Joint | Jan 31, 2021 | |
| 3.2 | Design the MADDVIPR framework | Software | Joint | Apr 30, 2021 | |
| 3.3 | Prototype MADDVIPR | Software | Joint | Oct 31, 2021 | |
| **Year 4: Consolidation and Dissemination of Results** | | | | | |
| 4.1 | Write Ph.D. Thesis | Report | Univ. of Twente | Oct 31, 2022 | |
| 4.2 | Provide actionable recommendations for DNS operators | Report | Joint | Oct 31, 2022 | |
This material is based on research sponsored by Department of Homeland Security under agreement number FA8750-19-2-0004. The U.S. Government is authorized to reproduce and distribute reprints for Governmental purposes notwithstanding any copyright notation thereon. The views and conclusions contained herein are those of the authors and should not be interpreted as necessarily representing the official policies or endorsements, either expressed or implied, of Department of Homeland Security or the U.S. Government.