MADDVIPR - Mapping DNS DDoS Vulnerabilities to Improve Protection and Prevention
Sponsored by:
Department of Homeland Security (DHS)
In collaboration with researchers from the University of Twente, Netherlands, we will perform comprehensive analysis of the DDoS attacks targeting the DNS and assess vulnerabilities that threaten the resilience of the DNS under such DDoS attacks.

Principal Investigator(s): Alberto Dainotti

Funding Source: DHS S&T cooperative agreement FA8750-19-2-0004. Period of performance: November 1, 2018 - December 31, 2021.


Project Summary

The Domain Name System (DNS) is one of the core Internet services. It provides the vital function of translating human readable domain names into IP addresses and supports most Internet applications, commercial content distribution platforms, and many security services. Distributed Denial of Service (DDoS) attacks against the DNS can therefore have devastating effects.

Rigorous and systematic measurement and analysis are essential for quantifying the risks of DDoS attacks against DNS and the benefits of proposed solutions. In this project we seek to develop and extend tools that generate actionable intelligence to support protecting the DNS against DDoS attacks, including, wherever possible, preventing such attacks before they occur. To attain this objective, we will:

  • perform a systematic analysis of vulnerabilities in the current DNS using comprehensive active DNS measurement data from the OpenINTEL project that covers 60% of the global DNS name space;
  • analyze the DNS DDoS ecosystem, identifying attack sources, targets, and characteristics;
  • synthesize the resulting insights into a coherent unified view that considers both ongoing attacks and current vulnerabilities.

The results of this project will provide recommendations for protective measures that would help to minimize the risk and impact of DDoS attacks as well as yield clear guidance for improving DNS resilience.

Statement of Work

Task | Description | Deliverable | Responsible party | Date | Status

Year 1: Identifying DNS Single-Points-of-Failure Vulnerabilities
1.1 | Background research on DNS vulnerabilities | Report | Univ. of Twente | Jan 31, 2019 | done
1.2 | Identify DNS single-points-of-failure | Report | Univ. of Twente | Oct 31, 2019 | done

Year 2: Data, DNS Vulnerabilities and the DNS DDoS Ecosystem
2.1 | Develop strategies to make OpenINTEL data available via IMPACT | Report | CAIDA | Apr 30, 2020 | done
2.2 | Design and prototype DNSAttackStream | Software | CAIDA | Sep 30, 2020 | done
2.3 | Identify DNS resilience vulnerabilities to DDoS attacks | Report | Univ. of Twente | Apr 30, 2020 / Oct 31, 2020 |

Year 3: Designing and Prototyping MADDVIPR
3.1 | Describe actionable information to be provided as output | Report | Joint | Jan 31, 2021 |
3.2 | Design the MADDVIPR framework | Software | Joint | Apr 30, 2021 |
3.3 | Prototype MADDVIPR | Software | Joint | Oct 31, 2021 |

Year 4: Consolidation and Dissemination of Results
4.1 | Write Ph.D. Thesis | Report | Univ. of Twente | Oct 31, 2022 |
4.2 | Provide actionable recommendations for DNS operators | Report | Joint | Oct 31, 2022 |

Acknowledgement of awarding agency's support

This material is based on research sponsored by Department of Homeland Security under agreement number FA8750-19-2-0004. The U.S. Government is authorized to reproduce and distribute reprints for Governmental purposes notwithstanding any copyright notation thereon. The views and conclusions contained herein are those of the authors and should not be interpreted as necessarily representing the official policies or endorsements, either expressed or implied, of Department of Homeland Security or the U.S. Government.

  Last Modified: Mon Mar-22-2021 18:20:53 UTC