A RAID-Inspired Framework for Robust DNS Security: MitigatingDDoS Attacks Through Distributed Data Encoding and Redundancy

preprint OA: closed
📄 Open PDF Full text JSON View at publisher

Abstract

The DNS systems serves an important role in accessing and managing domain names. Despite its importance, DNS is vulnerable to numerous network-based attacks such as Distributed Denial-of-Service DDoS attacks. Unfortunately, no comprehensive solution has been discovered to combat such attacks. In this paper, we proposed an approach to enhance DNS security by adopting RAID technology and data coding. This approach relies on multiple independent DNS servers holding distinct coded DNS records instead of relying on a single DNS server. Our proposed solution shows efficient results in overcoming data loss and disruption of DNS server operation. This solution lies on the fact that if one server is attacked or damaged, the other servers will continue working to resolve IP addresses without disruption. The results obtained indicate that the time taken to process multiple DNS requests may slightly increase compared to single DNS operation. However, the time required for DNS recovery from DDoS attack is significantly larger when only a single server is being used, which may take hours or even days
Full text 48,979 characters · extracted from preprint-html · click to expand
A RAID-Inspired Framework for Robust DNS Security: MitigatingDDoS Attacks Through Distributed Data Encoding and Redundancy | Authorea try { document.documentElement.classList.add('js'); } catch (e) { } var _gaq = _gaq || []; _gaq.push(['_setAccount', 'G-8VDV14Y67G']); _gaq.push(['_trackPageview']); (function() { var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true; ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js'; var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s); })(); Skip to main content Preprints Collections Wiley Open Research IET Open Research Ecological Society of Japan All Collections About About Authorea FAQs Contact Us Quick Search anywhere Search for preprint articles, keywords, etc. Search Search ADVANCED SEARCH SCROLL Security and Privacy This is a preprint and has not been peer reviewed. Data may be preliminary. 16 April 2025 V1 Latest version Share on A RAID-Inspired Framework for Robust DNS Security: MitigatingDDoS Attacks Through Distributed Data Encoding and Redundancy Authors : Rima Masri 0009-0004-0262-1916 [email protected] , Sahel Alouneh , and Bayan Abu Shawar Authors Info & Affiliations https://doi.org/10.22541/au.174480523.38636760/v1 421 views 172 downloads Contents Abstract Introduction background DNS Security Redundant Array of Independent Disks (RAID) LITERATURE REVIEW Methodology Results and Discussions Conclusion References Information & Authors Metrics & Citations View Options References Figures Tables Media Share Abstract The DNS systems serves an important role in accessing and managing domain names. Despite its importance, DNS is vulnerable to numerous network-based attacks such as Distributed Denial-of-Service DDoS attacks. Unfortunately, no comprehensive solution has been discovered to combat such attacks. In this paper, we proposed an approach to enhance DNS security by adopting RAID technology and data coding. This approach relies on multiple independent DNS servers holding distinct coded DNS records instead of relying on a single DNS server. Our proposed solution shows efficient results in overcoming data loss and disruption of DNS server operation. This solution lies on the fact that if one server is attacked or damaged, the other servers will continue working to resolve IP addresses without disruption. The results obtained indicate that the time taken to process multiple DNS requests may slightly increase compared to single DNS operation. However, the time required for DNS recovery from DDoS attack is significantly larger when only a single server is being used, which may take hours or even days A RAID-Inspired Framework for Robust DNS Security: MitigatingDDoS Attacks Through Distributed Data Encoding and Redundancy Rima Masri ∗ , Sahel Alouneh † , Bayan Abu Shawar ‡ ∗ College of Engineering.Al Ain University, Abu Dhabi, UAE Email: [email protected] † German Jordanian University, Jordan, College of Engineering.Al Ain University, Abu Dhabi, UAE Email: [email protected] Email: [email protected] ‡ College of Engineering.Al Ain University, Abu Dhabi, UAE Email: [email protected] Abstract — The DNS systems serves an important role in accessing and managing domain names. Despite its importance, DNS is vulnerable to numerous network-based attacks such as Distributed Denial-of-Service DDoS attacks. Unfortunately, no comprehensive solution has been discovered to combat such attacks. In this paper, we proposed an approach to enhance DNS security by adopting RAID technology and data coding. This approach relies on multiple independent DNS servers holding distinct coded DNS records instead of relying on a single DNS server. Our proposed solution shows efficient results in overcoming data loss and disruption of DNS server operation. This solution lies on the fact that if one server is attacked or damaged, the other servers will continue working to resolve IP addresses without disruption. The results obtained indicate that the time taken to process multiple DNS requests may slightly increase compared to single DNS operation. However, the time required for DNS recovery from DDoS attack is significantly larger when only a single server is being used, which may take hours or even days Keywords—DNS, DDoS, RAID, Network Security. Introduction A Distributed Denial-of-Service (DDoS) attack can severely disrupt internet services and is often used by cybercriminals. It can flood a Domain Name System (DNS) with an excessive amount of traffic, making it challenging or even impossible for legitimate users to access services. This research adopts the use of Redundant Array of Independent Disks (RAID) technology to establish a network of multiple DNS servers; mainly three servers will be our focus model in this research work; aiming to solve the vulnerability of DNS to DDoS attacks. RAID is a technique used to enhance reliability and performance by storing data across multiple hard drives. Our proposed system consists of three servers that each server holds different portions of the main record, rather than a single server holding the whole record information. This setup is efficient to avoid losing data or time because if one server becomes targeted or compromised, the other two can still function and complete the task. The proposed solution can effectively mitigate the impact of DDoS attacks and ensure continuous internet service functionality even during such attacks by leveraging RAID technology and distributing DNS records across multiple servers. It provides multiple advantages, such as enhanced DNS network resilience and availability, faster response times, and improved security. In this research, we developed a customized DNS software that sets up, configures, and manages queries and responses from three DNS servers to ensure redundancy and resilience, against failures. Furthermore, thorough testing will be essential to verify the effectiveness and reliability of the proposed solution under various conditions. The rest of this research is structured as follows; the background will be presented in section 2; section 3 will elaborate on the literature review; the methodology is clarified in section 4. Testing and results are discussed in section 5. Finally, the conclusion and future work are presented in section 6. background Distributed Denial-of-Service (DDoS) Attack DDoS (Distributed Denial of Service) attack is a malicious attempt where multiple systems are used to send an overwhelming amount of traffic to a target server or network, aiming to disrupt its normal function and make it inaccessible to legitimate users. Due to attackers utilizing multiple attack resources and forged IP addresses, tracing a DDoS attack is highly challenging. There are various types of DDoS attacks, including SYN flood attacks, UDP flood attacks, and more. SYN flood attack targets the TCP handshake process by sending a large number of spoofed SYN requests without completing the handshake process. On the other hand, UDP flood attack targets internet resources such as DNS server by sending a large number of UDP packets without waiting for responses, which can overwhelm the server’s processing capacity and disrupt its ability to handle legitimate traffic effectively. Domain Name System (DNS) The DNS (Domain Name System) servers is a database that translates domain names into IP addresses. This translation process allows users to access websites and services by typing in familiar names rather than complex numerical addresses. There are four types of DNS server: DNS recursive resolver/ DNS resolver, Root name server, Top-level domain/ TLD name server and Authoritative name server. The DNS recursive resolver plays a critical role in the Domain Name System (DNS) infrastructure. It processes DNS queries from clients by recursively querying other DNS servers until it retrieves the requested DNS information. In simpler terms, it acts as an intermediary that assists users and devices in finding the IP addresses associated with domain names they wish to access on the internet. When a user enters a specific URL into their browser, the browser sends the URL to the operating system, which in turn queries the DNS resolver to obtain the IP address associated with that URL as illustrated in Figure 1. Next, if the resolver does not already have the IP address in its cache, it proceeds to contacts a root name server. The root name server does not directly provide the IP address but instead refers the DNS resolver to the IP address of the TLD name server. The DNS resolver then queries the TLD name server, which provides information about the authoritative name server and the IP address of the web server requested. The DNS resolver receives the IP address from the authoritative name server and caches it locally for future use. It then sends the IP address back to the operating system, which forwards it to the browser [1] Figure 1: DNS Main Components and Functionality Process DNS Security DNS security is crucial for ensuring the integrity, availability, and confidentiality of domain name resolution services. It helps prevent various types of attacks and ensures that users can trust the DNS infrastructure for accurate and secure resolution of domain names into IP addresses. DNS inherently lacks security because recursive resolvers cannot independently verify if responses genuinely originate from authoritative name servers. Attackers exploit this vulnerability by forging DNS response packets, spoofing the source IP address to impersonate authoritative name servers. Consequently, users may unwittingly access malicious websites due to this potential deception [2]. The Domain Name System security extensions (DNSSEC) is a suite of extensions to DNS. Used to enhance DNS security by adding cryptographic signatures to DNS responses, allowing DNS clients to verify the authenticity and integrity of DNS data that helps in preventing DNS spoofing and cache poisoning attacks [3]. However, it does not comprehensively address all DNS security challenges. It notably lacks provisions for ensuring confidentiality of DNS queries and responses and does not include measures to shield DNS servers from Distributed Denial of Service (DDoS) attacks, which can overwhelm infrastructure with excessive traffic, leading to service disruptions [4]. Besides DNSSEC, there are various other security measures that can be implemented for DNS, such as DNS filtering, blocking, and DNS firewalls. DNS filtering is used to block access to malicious or undesirable domains, which helps in protecting against phishing, malware, and other malicious activities. On the other hand, DNS firewalls inspect DNS queries and responses, filtering out malicious or unauthorized traffic based on predefined security policies [5]. Additional techniques can be employed to enhance DNS security against DDoS attacks, although complete elimination of such attacks is not always feasible. Redundant Array of Independent Disks (RAID) RAID (Redundant Array of Independent Disks) is a technology used to improve performance, increase storage capacity, and provide redundancy for data protection by combining multiple hard disks or solid-state drives (SSDs) into a single logical unit. This technique is particularly beneficial for protecting data in the case of a drive failure, including for SSDs (Solid State Drives). RAID achieves these goals through different RAID levels, though, and not all of them strive to offer redundancy [6]. RAID systems are classified into various levels, which fall into three main categories: standard, nested, and Non-Standard RAID levels [7]. Standard RAID levels include configurations such as RAID 0, RAID 1, RAID 5, and RAID 6, each providing different balances of performance, storage capacity, and data redundancy. On the other hand, Nested RAID levels are combinations of these standard configurations, designed to offer enhanced performance and redundancy. Examples include RAID 10 (a combination of RAID 1 and RAID 0) and RAID 50 (a combination of RAID 5 and RAID 0). Non-Standard RAID levels, like RAID 7, are unique implementations developed by specific vendors, featuring customized enhancements and optimizations tailored to particular applications or hardware [7]. RAID’s redundancy is a fault-tolerant technology designed to mitigate data loss caused by disk drive failures. By distributing data across multiple drives, RAID not only enhances data protection but also improves overall system performance and storage capacity. Disk arrays, which employ RAID technology, offer significant advantages over traditional single disk drives. These benefits include increased read/write speeds, higher data availability, and the ability to recover data seamlessly in the event of a drive failure [8]. In our design, we will initially be utilizing RAID 5 technology. First, let us discuss how it operates. In a RAID 5 array with three disks (let us call them Disk 1, Disk 2, and Disk 3), data and parity are distributed across all disks in a striped manner with distributed parity as illustrated in Figure 2. Data from each disk is divided into blocks or segments and Parity information for each block is calculated and stored across all disks in a way that if any single disk fails, the data can be reconstructed using the parity information from the remaining disks [9]. Therefore, in our example, Data A is divided into segments and stored across Disk 1 and Disk 2, Data B is similarly divided and stored across Disk 2 and Disk 3 and Data C is divided and stored across Disk 1 and Disk 3. On the other hand, Parity information for each segment is calculated and stored on the third disk not containing that segment. If any disk fails, the lost data can still be retrieved from the remaining data and parity segments. This ensure continuous functioning while keeping integrity and availability [9] Figure 2: RAID 5 Functionality, Hard disks and parity blocks Let’s say for example that A = 1010 0011, the first 4 bits will be combined with the second 4 bits and it will be divided into Hard disk 1 and Hard disk 2 as follows: A 1 = 1010 Hard disk 1  A 2 = 0011 Hard disk 2  A p  Hard disk 3  Ap which is the parity for A, it will be calculated using XOR, so A 1 XOR A 2 = A p and so on for B and C as well. If, for instance, Hard disk 2 fails, to reconstruct A2 (0011), you can XOR A1 (1010) with Ap (1001): A1 XOR Ap = 1010 XOR 1001= 0011. This process illustrates how RAID 5 uses distributed parity to recover data in case of disk failure. By XORing the remaining data blocks and the parity block, you can reconstruct the lost data block. This fault tolerance mechanism ensures that the RAID array continues to operate even when one disk fails, providing resilience and continuity for data storage systems [10]. LITERATURE REVIEW This section will briefly discuss the notable and recent work in the area of securing DNS from DDoS attacks. Lyu et al. [11] proposed hierarchical anomaly-based detection system to detect distributed DNS attacks. Their approach analyzed DNS traffic in multiple stages and identifies possible attacks. The system used statistical and machine learning technique to enhance the accuracy of detection. Their approach showed effectiveness in enhancing network security by detecting different types of DNS attacks. Pappas et al. [12] proposed a method to enhance DNS availability against DDoS without changing the DNS design or requiring extra resources. Their method was about increasing time-to-live (TTL) values for infrastructure records to make DNS records last longer before they got updated. Their approach worked well because these records do not change often. They validated their approach by analyzing DNS traces from different locations, showing that it could make DNS up to 10 times more robust against DDoS attacks. Alieyan et al. [13] listed the major threats that can arise from DDoS attacks on Domain Name System (DNS) and the defense mechanisms. These defense mechanisms included using the DNS Amplification Attacks Detector (DAAD) method to identify suspicious traffic by recording it, detecting DDoS attack packets with the DNS Cyber Shelter approach, and allowing recursive DNS queries only from known sources. There research highlighted the importance of these mechanisms to reduce the impact of DDoS attacks on DNS. Zhu et al. [14] highlighted that DNS is vulnerable to DoS attacks because of its connectionless nature. To improve DNS security, they proposed a connection-oriented approach that used transport-layer security (TLS) and called it Transport-Layer DNS (T-DNS). Their approach had two benefits: it minimized the risk of DoS attacks by implementing TCP approach and it prevented eavesdropping by encrypting communication between stub resolver and the recursive resolver through TLS. On the other hand, their approach added some latency, about 9\% increase compared to UDP for communications between the stub and recursive resolver, and a 22\% increase when using TCP between the recursive and authoritative servers. However, they also showed that once the connection was established, the latency for both TCP and TLS was comparable to that of UDP. Ahmed at al. [15] proposed using Software-Defined Networking (SDN) to mitigate DDoS attacks on the DNS. This approach allows for the analysis and elimination of abnormal traffic through software-controlled network management and policy updates. They implemented a prototype using a Dirichlet process mixture model to distinguish between benign and malicious traffic. Their experiments, conducted with real network traces, demonstrated the feasibility and effectiveness of this system. However, they noted that this method is particularly suitable for environments where networks can be closely monitored, such as military networks. In the paper ”Comprehensive Survey of Machine Learning Techniques for Detecting and Preventing Network Layer DoS Attacks” by Bhatta et al. [16], the authors examined how machine learning (ML) techniques could be applied to detect and prevent network layer denial of service (DoS) attacks, with a focus on protecting Department of Defense (DoD) systems using AI. They illustrated that ML could use different approaches like supervised, unsupervised and hybrid learning methods to improve detection and prevention systems. Also, this paper tested the effectiveness of different methods such as Support Vector Machines, Decision Trees, Random Forests, K-Nearest Neighbors, and Neural Networks. In addition to that, the paper identified two challenges: the need for adaptive models and absence of high quality training data. To improve network security against DoS attacks, the paper highlighted the importance of more research in deep learning and interpretable machine learning models. It gave a clear explanation of network layer DoS attacks and impact. it researched different machine-learning techniques in attack detection and prevention, demonstrated the strengths and weaknesses of each technique, and compared the most related works in the field. The results of this paper provided a useful reference for researchers and practitioners working on ML-based defense mechanisms against network layer DoS attacks. In the paper ”DoS Attack Detection Using Machine Learning and Neural Network” by Wankhede and Kshirsagar [17], the authors highlighted the growing threat of DoS attacks especially on the application layer vulnerabilities. They used different machine learning (ML) and neural network (NN) algorithms to identify the most effective detection methods. Using the CIC IDS 2017 dataset, their experiments showed that Random Forest (RF) performed better than Multi-Layer Perceptron (MLP) in detecting DoS attacks. Also, they emphasized on the importance of having an effective detection methods at different layers of the OSI models, especially at the application layer. In conclusion, the authors proposed future research areas to improve detection capabilities such as feature reduction and multi-classification of DoS attacks. There paper provided an important reference in enhancing DoS attack detection using ML and NN algorithms. De Lima Filho et al. [18] proposed Smart Detection, a machine learning-based systems aimed to detect Dos and DDoS attacks. The system effectively identified both volumetric and low-volume attacks with high accuracy and a low false alarm rate by analyzing network traffic samples. It utilized a combination of customized and benchmark datasets to ensure compatibility with existing Internet infrastructure, requiring no additional software or hardware. The study demonstrated the system’s effectiveness, achieving over 96% detection rate for attacks and emphasizing its importance in mitigating ongoing challenges in network security posed by DoS attacks. Methodology This section outlines our proposed design following an explanation of the required specifications and constraints. De sign Specifications Initially, we created a virtual machine using Oracle VirtualBox, assigning it the necessary operating system (Ubuntu), memory size, and number of processors (2 CPUs) as detailed in Table 1. Following this, we installed and configured a public/private DNS server on the VM, referring to it as the DNS Machine. Figure 3 illustrates the flowchart for setting up the DNS server. Table 1: Virtual Machine Specifications Base Memory 4 GB Video Memory 128 MB Hard Disk Size 200 GB Processors 2 CPUs Figure 3: Setting up the DNS Server Design Constrains Performance Under normal circumstances, when a user enters a website URL and presses enter, the computer sends a request to a DNS server to obtain the corresponding IP address, which it then returns. By incorporating RAID storage, the DNS server must handle multiple storage units. According to our design, it will send requests to three different storage units rather than just one and receive responses from all three. This introduces additional steps into the process, which may affect performance. In this study, we will thoroughly investigate and evaluate the performance implications of our design during the implementation phase. Cost The system’s design should prioritize cost-effectiveness by utilizing economical hardware and software components wherever feasible. Factors influencing costs include hardware, software, networking, and ongoing maintenance and support requirements. Thus, careful consideration of these elements is crucial to ensuring an economically viable solution. For example, the necessary processing power of the CPU will be influenced by several variables. Generally, high-end CPUs with more cores and faster clock speeds are more expensive than lower-end CPUs. In terms of memory, the required amount is determined by the size of the data being managed and the number of client requests. More memory capacity typically costs more than less. When it comes to storage servers, they will require either hard drives or solid-state drives (SSDs) for data storage. Storage costs will vary based on the data volume and the level of redundancy needed (e.g., RAID 1, RAID 5). Drives with higher capacity are usually more expensive, and SSDs cost more than traditional hard drives. Networking is another significant factor. DNS and storage servers must be interconnected and linked to clients through a network infrastructure. The network’s size, complexity, desired performance and redundancy levels would influence the cost of networking equipment. Higher-quality networking equipment is more expensive than lower-quality options. Reliability Reliability is a crucial design consideration since DNS and storage servers must manage and store vital data, ensuring it is always accessible to clients. To achieve high reliability, several strategies can be employed: Redundancy is a method of enhancing reliability by having backup systems ready to take over if the primary system fails. In our design, redundancy can be achieved through multiple DNS and storage servers. This setup ensures that if one server goes down, others can seamlessly continue the operations. Additionally, redundancy includes using multiple power supplies, network connections, and storage devices. For example, the existence of a dual power supplies can prevent downtime incase one power supply fails. In addition to redundancy, fault tolerance is another method to improve reliability. Fault tolerance is the ability of a system to function even when some components fail. In our design, fault tolerance can be achieved by having failure detection and recovery mechanisms in DNS and storage servers. For example, if one storage server fails, out system can automatically switch to another storage server to access the required records. Compatibility with UDP Compatibility with UDP is an important design constrain because the communication between DNS server and storage servers is done through UDP sockets. To achieve compatibility, it is essential to follow the rules and specifications of the UDP protocol. One of the UDP protocols is Protocol Compliance, which includes understanding the structure of the UDP header and considering the datagram size. Additionally, it is important to consider network topology. Because of the UDP structure about being connectionless protocol, factors like firewalls and NAT devices in the network topology might impact UDP communication’s reliability. Proper configuration of these devices may be necessary to allow UDP traffic to flow between the DNS server and storage servers effectively. Furthermore, port availability must be considered. UDP uses port numbers to distinguish between different applications and services. To ensure compatibility with UDP, the DNS server and storage servers must utilize available and appropriate port numbers that are not already in use by other applications or services on the network. This prevents conflicts and ensures smooth operation of UDP communication between the servers. Proposed Design Decision matrix There are several types of RAID (Redundant Array of Independent Disks) technologies, each with its own strengths, weaknesses, and specific use cases. Initially, we focused on three main types: RAID 5, RAID 6, and RAID 10, as detailed in Table 2. Table 2: Decision Matrix Minimum number of drives 3 4 4 Protection Parity protection for single disk failure Parity protection for up to two disk failures Mirror protection combining RAID 1 mirroring and RAID 0 striping Fault tolerance Can tolerate the failure of one drive without data loss Can withstand the simultaneous failure of up to two drives without data loss Can survive the failure of one drive in each mirrored pair without data loss Read performance Lower due to parity calculations Lower due to parity calculations Higher due to striping across mirrored pairs Write Performance Lower due to parity calculations Lower due to parity calculations Medium, as it involves both mirroring and striping operations Capacity utilization From 67% to 94% of total drive capacity after accounting for parity From 50% to 88% of total drive capacity due to dual parity 50% of total drive capacity due to mirroring In our design, we opted for RAID 5 due to its minimum requirement of three hard disks, which is cost-effective and manageable. Although it offers lower read and write performance compared to RAID 6 and RAID 10, its simpler design integrates well with DNS servers. RAID 5 provides tolerance for a single disk failure, which is a limitation to consider. However, if the initial implementation proves successful, there is potential to upgrade to RAID 6 or RAID 10 in the future. For instance, RAID 6 offers parity protection for up to two disk failures, enhancing data reliability under more challenging scenarios. Components In our design, the system runs based on the RAID concept with three primary components: The Personal Computer (PC), the DNS server, and the Main RAID Storage, illustrated in Figure 4. Here is how it functions: The PC send a request (R) to the DNS server, asking for the IP address of a specific website or resource. Then, the DNS server forwards this request (R) to the main storage, which is configured as a RAID storage system, where the necessary information is stored in its database. This setup ensures that the DNS server acts as an intermediary, forwarding requests from the PC to the RAID storage for retrieving required data. Figure 4: RAID Technology Concept In our design, the main storage is divided across three distinct DNS servers rather than a single consolidated unit using RAID concept. For example, using RAID 5 involves dividing the main storage into at least three parts, which are distributes across the DNS servers. This configuration ensures maintaining data redundancy and fault tolerance and allowing for recovery from a single drive or server failure without data loss. When a request (R) is sent, the DNS server simultaneously sends three identical requests to the three different storage segments (S1, S2, S3) within the RAID setup. Each DNS server plays an important role in managing a part of the RAID storage, improving system flexibility and ensuring reliable data retrieval across distributed components. This approach not only improves fault tolerance but also uses the combined resources of multiple servers to enhance performance and scalability in our system. After dividing the information into two separate storage parts within the RAID 5 configuration, the system will proceed as follows: when a request (R) is received, the RAID 5 storage will search for the requested information across all its storage segments. Once the required information is located, it is gathered, combined if necessary, and retrieved by the DNS server. Subsequently, the DNS server sends the compiled information back to the personal computer as the response to its original request (R). This process ensures that the system efficiently accesses and delivers the requested data, taking advantage of RAID 5’s redundancy and fault tolerance across the distributed storage components. In our design implementing RAID 5, the DNS server is resilient against various types of attacks, including DDoS. Figure 5 illustrates how DNS records in text format are converted into binary format and distributed across three DNS servers. The binary data is divided into two sets: one set stored in each of two DNS server storages, and the result of an XOR operation between these two sets is stored in the third DNS server storage. When a user enters a website’s URL, the process involves converting the URL from text to binary format for easier storage. The binary number is then split into two halves, and an XOR operation is applied to these halves, resulting in three distinct binary sets. These sets are simultaneously sent as requests to the three DNS servers. Each DNS server processes the request independently, and the results are expected to be retrieved and returned simultaneously. This approach enhances data redundancy and fault tolerance, ensuring reliable and secure retrieval of IP addresses corresponding to requested URLs in the face of potential network attacks. Figure 5: Domain Name Systems based on RAID technology The pseudocodes below outline the basic operations involved in converting characters to ASCII values, ASCII values back to characters, and the process flow for handling DNS requests in a RAID 5 setup. Algorithm 1 calculates the length of a string, iterates through each character in the string, converts each character to ASCII, converts ASCII to binary, and prints the output. Algorithm 1: Conversion Process 1: Calculate length of String 2: for i=0 to String length-1 3: Convert Char to ASCII 4: Convert ASCII to Binary 5: end for 6: print output Algorithm 2 converts an ASCII integer value (val) to its binary representation (x): set val to Integer value of (s.charAt(i)). Algorithm 2: Converting ASCII to Binary 1: set x to empty String 2: while val > 0 do 3: if val % 2 == 1 then 4: x += ‘1’ 5: else 6: x += ‘0’ 7: end if 8: val /= 2 9: end while Algorithm 3 processes a DNS request using binary set numbers. It divides the binary set into two halves, computes the XOR of these halves, sends requests to three DNS servers (DNS1, DNS2, DNS3) with these values, and checks for results. Algorithm 3: DNS Requests 1: scan request x 2: Set r1 = first half of binary set numbers 3: Set r2 = second half of binary set numbers 4: Set r3 = r1 XOR r2 5: send requests r1,r2,r3 to DNS1,DNS2,DNS3 6: if results found then 7: return results 8: else 9: return “no results found” 10: end if Design Improvement After completing the implementation and testing phases, if our design proves to be successful with minimal issues, we have the opportunity to enhance it by transitioning from RAID 5 to RAID 6 technology. This upgrade would significantly improve the design’s functionality, speed, performance, and overall capabilities. RAID 6 offers the added benefit of dual parity protection, allowing the system to withstand the failure of up to two disks simultaneously, compared to RAID 5’s single disk protection. Besides, there are potential design improvements that could be taken into consideration: • Load Balancing: While the current setup with three storage servers provides redundancy and fault tolerance, there is a lack of load balancing mechanism. This oversight can lead to uneven distribution of workload where one server may be overloaded while others are underutilized. Implementing a load balancing mechanism would evenly distribute requests across all three servers, thereby enhancing overall system performance and resource utilization. • Security: The current design does not sufficiently address security concerns such as data encryption and authentication. To bolster security, implementing data encryption during transmission can safeguard against data breaches and unauthorized access. Additionally, adding user authentication mechanisms would prevent unauthorized access to the DNS and storage servers, ensuring data integrity and confidentiality. • Scalability: our current design is limited to three storage servers, potentially restricting scalability for larger deployments. Improving scalability requires designing the system to support additional storage servers as needed. Automatic load balancing can help distribute resources more efficiently and maintain consistent performance as the system grows to meet growing demands. • Monitoring and Logging: Adding monitoring and logging capabilities is important for managing and troubleshooting the system efficiently. Monitoring tools help administrators to keep track of system performance in real-time, detect unusual activity, and proactively address issues. Logging keeps a record of system activities, making it easier to analyze incidents and ensure compliance. Results and Discussions This section provides an overview of the outcomes and performance assessment of our Domain Name System (DNS) server utilizing the RAID-5 approach. Initially, we assessed the system’s performance during regular operations, followed by examining its reaction to different types of DDoS attacks and DNS flooding. To initiate the process, we execute the code on five separate terminals. One terminal is dedicated to launching the DNS server, while the remaining three terminals are allocated for our three distinct DNS storage systems. The fifth terminal is utilized for delivering a DNS query (request) as shown in Figures 6-9. Figure 6. Starting serve_dns Figure 7. Starting serve_storage 1 Figure 8. Starting serve_storage 2 Figure 9. Starting serve_storage 3 We obtained the outcome from an external database file that holds more than 300 records. Our program was able to retrieve the response, to our request in under one second as shown in Figure 10. Figure 10. Testing Results Then, we attempt to assess the performance of the DNS during regular operations by sending multiple requests from one machine. Figure 11 illustrates the relation between the numbers of requests vs the average processing time. After that, we assess the performance by sending multiple requests from multiple machines at the same time and Figure 12 demonstrates the results. We can observe that, in normal operation, the average processing time for each machine increase when we increase the number of requests and the number of machines. However, this increase is slight and does not exceed 1 second. Figure 11. DNS Performance during Regular Operations by Sending Multiple Requests from one Machine Figure 12. DNS Performance during Regular Operations by Sending Multiple Requests From multiple Machines After that, we attempted to perform a DoS/DDoS attack on the storage server 2 that store the original data and observed its impact on the DNS server’s performance by sending one request by one machine as show in Figure 13 After comparing the results between Figure 10 and Figure 13, we noticed that the average time that took the DNS server to process one request from one machine is around 0.0123935 second. Based on the findings we can deduce that the server is facing a surge, in traffic or workload due to the attack. However, given that, the network employs three DNS servers, which collectively handle some of the records; it is improbable for the server to become unresponsive because of the increased traffic. The other two DNS servers can still retrieve data seamlessly, without any loss or delay of recovery from the DoS/DDoS attack. In the next step, we conducted multiple DNS requests for different websites from one machine to our server. This helped us measure the time it takes for the response to be retrieved as well as the total delay compared to sending just one DNS request. Figure 14 illustrates the performance of Domain Name System (DNS) during DDOS attack on storage server 2 that save the original data. Then, we assess the performance by sending multiple requests from multiple machines at the same time and Figure 15 demonstrates the results. After comparing the time taken to process the requests between Figure 12 and Figure 15, we found that in both cases, if the number of requests increase the average processing time increase and if the number of machines increase the average processing time also increase. Furthermore, we observed that during a DDoS attack, the DNS takes around thirty times longer to process requests compared to normal operations. Figure 1 3 . Results after requesting www.amazon.com during the DoS attack on Server Storage 1 that Store the XOR Data Figure 1 4 . DNS Performance during DDOS attack on Storage Server 2 that Store the Original Data Figure 15: Assessing DNS Performance during DDOS attack on Server 2 by Sending Multiple Requests From multiple Machines Finally, we repeated the previous steps but this time by targeting storage server 1 that stores the XOR data. We then sent a single request from one machine, multiple requests from one machine, and multiple requests from multiple machines consecutively. Our analysis reveals that the processing time for requests remains constant whether server 1 or server 2 is unavailable. This means that regardless of which server is targeted, the system’s response time doesn’t change a lot which also indicate that redundancy and failover mechanisms are effective. This consistency shows that the system can effectively handle server failures without affecting the processing time because of efficient load balancing. To validate these findings and ensure ongoing reliability, continuous monitoring and testing will be essential. Our findings showed that applying RAID 5 methodology on DNS server was effective in handling DDoS attacks and DNS flooding with minimal impact on performance. This is because RAID 5 allows for fault tolerance and data redundancy by using parity information and distributing the data across multiple disks. In addition to that, using RAID 5 has little impact on performance because the system can access data with only a slight increase in latency. Our approach shows and effectiveness in improving both the reliability and performance of DNS systems against DDoS attacks and DNS flooding. However, it is important to mention that no system is completely immune to such attacks, and additional security measures may be required for full protection. Conclusion In conclusion, our paper introduces a novel approach to enhance DNS security using RAID technology by distributing DNS records across multiple independent servers to reduce the impact of DDoS attacks. This approach provides a major improvement compared to traditional single DNS server through overcoming data loss and operational disruptions. Even though that this approach shows a slight increase in DNS response time compared to standard operations, this increase is still much smaller than the time required for DNS recovery after DDoS attack. Our paper shows a great potential in having a robust DNS infrastructure that can Overcome DDoS attacks. However, further research is needed to come up with the vest RAID configurations and how it can be integrated with machine learning to improve attack prediction and mitigation strategies. References 1. [1] L. Zelleke, “What is DNS Hierarchy Architecture with Examples (Explained),” Cloud Infrastructure Services. Accessed: Jul. 06, 2023. [Online]. Available: https://cloudinfrastructureservices.co.uk/what-is-dns-hierarchy/[2] “DNSSEC – What Is It and Why Is It Important? - ICANN.” Accessed: Jul. 07, 2023. [Online]. Available: https://www.icann.org/resources/pages/dnssec-what-is-it-why-important-2019-03-05-en[3] S. Rose, M. Larson, D. Massey, R. Austein, and R. Arends, “DNS Security Introduction and Requirements,” Internet Engineering Task Force, Request for Comments RFC 4033, Mar. 2005. S. Ariyapperuma and C. J. Mitchell, “Security vulnerabilities in DNS and DNSSEC,” in The Second International Conference on Availability, Reliability and Security (ARES’07) , Vienna, Austria: IEEE, 2007, pp. 335–342. A. Liska and G. Stowe, DNS security: defending the Domain Name System . Amsterdam Boston Heidelberg: Syngress, an imprint of Elsevier, 2016.[6] S. Khawatreh and N. El-Omari, “RAID-based Storage Systems,” Int. J. Comput. Appl. , vol. 180, pp. 1–7, Mar. 2018.[7] marcin.tomaszek, “What is RAID and How Does it Work? | Storware BLOG,” Storware. Accessed: Aug. 21, 2023. [Online]. Available: https://storware.eu/blog/what-is-raid-and-how-does-it-work/[8] P. Rahman and G. Shavier, “Reliability model of disk arrays RAID-5 with data striping,” IOP Conf. Ser. Mater. Sci. Eng. , vol. 327, p. 022087, Mar. 2018. S. Z. Chen and D. Towsley, “The Design and Evaluation of RAID 5 and Parity Striping Disk Array Architectures,” J. Parallel Distrib. Comput. , vol. 17, no. 1, pp. 58–74, Jan. 1993. D. A. Patterson, G. Gibson, and R. H. Katz, “A case for redundant arrays of inexpensive disks (RAID),” in Proceedings of the 1988 ACM SIGMOD international conference on Management of data , in SIGMOD ’88. New York, NY, USA: Association for Computing Machinery, Jun. 1988, pp. 109–116. M. Lyu, H. H. Gharakheili, C. Russell, and V. Sivaraman, “Hierarchical Anomaly-Based Detection of Distributed DNS Attacks on Enterprise Networks,” IEEE Trans. Netw. Serv. Manag. , vol. 18, no. 1, pp. 1031–1048, Mar. 2021. V. Pappas, D. Massey, and L. Zhang, “Enhancing DNS Resilience against Denial of Service Attacks,” Jul. 2007, pp. 450–459. K. Alieyan, M. M. Kadhum, M. Anbar, S. U. Rehman, and N. K. A. Alajmi, “An overview of DDoS attacks based on DNS,” in 2016 International Conference on Information and Communication Technology Convergence (ICTC) , Oct. 2016, pp. 276–280. L. Zhu, Z. Hu, J. Heidemann, D. Wessels, A. Mankin, and N. Somaiya, “Connection-Oriented DNS to Improve Privacy and Security,” in 2015 IEEE Symposium on Security and Privacy , May 2015, pp. 171–186. M. E. Ahmed, H. Kim, and M. Park, “Mitigating DNS query-based DDoS attacks with machine learning on software-defined networking,” in MILCOM 2017 - 2017 IEEE Military Communications Conference (MILCOM) , Oct. 2017, pp. 11–16. N. P. Bhatta, A. Ghimire, A. A. Hossain, and F. Amsaad, “Comprehensive Survey of Machine Learning Techniques for Detecting and Preventing Network Layer DoS Attacks,” in Internet of Things. Advances in Information and Communication Technology , D. Puthal, S. Mohanty, and B.-Y. Choi, Eds., Cham: Springer Nature Switzerland, 2024, pp. 347–356. S. Wankhede and D. Kshirsagar, “DoS Attack Detection Using Machine Learning and Neural Network,” in 2018 Fourth International Conference on Computing Communication Control and Automation (ICCUBEA) , Aug. 2018, pp. 1–5. F. S. de Lima Filho, F. A. F. Silveira, A. de Medeiros Brito Junior, G. Vargas-Solar, and L. F. Silveira, “Smart Detection: An Online Approach for DoS/DDoS Attack Detection Using Machine Learning,” Secur. Commun. Netw. , vol. 2019, no. 1, p. 1574749, 2019. Crossref Google Scholar Information & Authors Information Version history V1 Version 1 16 April 2025 Copyright This work is licensed under a Non Exclusive No Reuse License. Collection Security and Privacy Keywords communication security cybersecurity issues affecting communications denial of service prevention schemes for communication systems information security security by design Authors Affiliations Rima Masri 0009-0004-0262-1916 [email protected] Al Ain University College of Engineering View all articles by this author Sahel Alouneh Al Ain University College of Engineering View all articles by this author Bayan Abu Shawar Al Ain University College of Engineering View all articles by this author Metrics & Citations Metrics Article Usage 421 views 172 downloads .FvxKWukQNSOunydq8rnd { width: 100px; } Citations Download citation Rima Masri, Sahel Alouneh, Bayan Abu Shawar. A RAID-Inspired Framework for Robust DNS Security: MitigatingDDoS Attacks Through Distributed Data Encoding and Redundancy. Authorea . 16 April 2025. DOI: https://doi.org/10.22541/au.174480523.38636760/v1 If you have the appropriate software installed, you can download article citation data to the citation manager of your choice. Simply select your manager software from the list below and click Download. For more information or tips please see 'Downloading to a citation manager' in the Help menu . Format Please select one from the list RIS (ProCite, Reference Manager) EndNote BibTex Medlars RefWorks Direct import Tips for downloading citations document.getElementById('citMgrHelpLink').addEventListener('click', function() { popupHelp(this.href); return false; }); $(".js__slcInclude").on("change", function(e){ if ($(this).val() == 'refworks') $('#direct').prop("checked", false); $('#direct').prop("disabled", ($(this).val() == 'refworks')); }); View Options View options PDF View PDF Figures Tables Media Share Share Share article link Copy Link Copied! Copying failed. Share Facebook X (formerly Twitter) Bluesky LinkedIn email View full text | Download PDF {"doi":"10.22541/au.174480523.38636760/v1","type":"Article"} Now Reading: Share Figures Tables Close figure viewer Back to article Figure title goes here Change zoom level Go to figure location within the article Download figure Toggle share panel Toggle share panel Share Toggle information panel Toggle information panel Go to previous graphic Go to next graphic Go to previous table Go to next table All figures All tables View all material View all material xrefBack.goTo xrefBack.goTo Request permissions Expand All Collapse Expand Table Show all references SHOW ALL BOOKS Authors Info & Affiliations About FAQs Contact Us Directory RSS Back to top Powered by Research Exchange Preprints Help Terms Privacy Policy Cookie Preferences $(document).ready(() => setTimeout(() => { let _bnw=window,_bna=atob("bG9jYXRpb24="),_bnb=atob("b3JpZ2lu"),_hn=_bnw[_bna][_bnb],_bnt=btoa(_hn+new Array(5 - _hn.length % 4).join(" ")); $.get("/resource/lodash?t="+_bnt); },4000)); (function(){function c(){var b=a.contentDocument||a.contentWindow.document;if(b){var d=b.createElement('script');d.innerHTML="window.__CF$cv$params={r:'9ff5590f2a48df94',t:'MTc3OTM4NTAzNA=='};var a=document.createElement('script');a.src='/cdn-cgi/challenge-platform/scripts/jsd/main.js';document.getElementsByTagName('head')[0].appendChild(a);";b.getElementsByTagName('head')[0].appendChild(d)}}if(document.body){var a=document.createElement('iframe');a.height=1;a.width=1;a.style.position='absolute';a.style.top=0;a.style.left=0;a.style.border='none';a.style.visibility='hidden';document.body.appendChild(a);if('loading'!==document.readyState)c();else if(window.addEventListener)document.addEventListener('DOMContentLoaded',c);else{var e=document.onreadystatechange||function(){};document.onreadystatechange=function(b){e(b);'loading'!==document.readyState&&(document.onreadystatechange=e,c())}}}})();

Text is read by the "Ask this paper" AI Q&A widget below. Extraction quality varies by source — PMC NXML preserves structure cleanly, OA-HTML may include some navigation residue, and OA-PDF can have broken hyphenation. The publisher copy (via DOI) is the canonical version.

My notes (saved in your browser only)

Ask this paper AI returns verbatim quotes from the full text · source: preprint-html

Answers must be backed by verbatim quotes from this paper's full text. Hallucinated quotes are dropped automatically; if no verbatim passage answers the question, we say so. How this works

Citation neighborhood (no data yet)

We don't have any in-corpus citations linked to this paper yet. This is a recent paper (2025) — citers typically take a year or two to land, and the OpenAlex reference graph may still be filling in.

Source provenance

europepmc
last seen: 2026-05-20T01:45:00.602351+00:00
unpaywall
last seen: 2026-06-13T06:42:57.164913+00:00