One of the most critical components of the Internet that an attacker can exploit is the DNS (Domain Name System) protocol and infrastructure. Researchers have continually developed methods to detect and defend against attacks on DNS, specifically DNS flooding attacks. However, most solutions defend by discarding packets, which can cause legitimate packets to be dropped and makes them highly dependent on the accuracy of the detection strategy. In this paper, we propose MTDNS, a resilient Moving Target Defense (MTD) approach that uses Software Defined Networking (SDN) switches to redirect traffic to alternate DNS servers that are dynamically created and run under the Network Function Virtualization (NFV) framework. The proposed approach is implemented in a testbed environment by running our DNS servers as separate Virtual Network Functions, together with an NFV Manager, SDN switches, and an SDN Controller. The experimental results show that MTDNS achieves a much higher success rate in resolving DNS queries and significantly reduces average latency even while a DNS flooding attack is in progress.
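The following is an added illustrative model of the redirect-instead-of-drop idea described above; it is not the paper's implementation and does not reproduce the MTDNS testbed. It assumes a constructed virtual DNS address that clients are configured with, a fixed per-VNF answering capacity, an NFV manager that instantiates a fresh DNS VNF whenever the pool is saturated, and an SDN controller that rewrites the destination of DNS traffic (UDP port 53) to the current pool of VNFs rather than dropping suspected flood packets. All names, addresses and capacity figures are constructed for the example.

```python
"""Toy model of MTD-based DNS redirection (added example, not the paper's code).

Assumptions (constructed for illustration):
  * clients send all queries to one virtual DNS IP;
  * each DNS VNF answers at most `capacity` queries per tick;
  * when demand exceeds pool capacity, the NFV manager spawns another VNF
    and the controller re-points the switch at the enlarged pool;
  * capacity is shared proportionally between legitimate and flood traffic.
"""
from dataclasses import dataclass, field

DNS_PORT = 53
VIRTUAL_DNS_IP = "10.0.0.53"   # constructed: address resolvers are configured with


@dataclass
class DnsVnf:
    name: str
    ip: str
    capacity: int              # answers per tick this instance can produce


@dataclass
class NfvManager:
    """Stands in for the NFV manager: creates fresh DNS VNFs on demand."""
    next_id: int = 1

    def spawn(self, capacity: int = 100) -> DnsVnf:
        vnf = DnsVnf(f"dns-vnf-{self.next_id}", f"10.0.1.{self.next_id}", capacity)
        self.next_id += 1
        return vnf


@dataclass
class MtdController:
    """Stands in for the SDN controller that programs the switch."""
    nfv: NfvManager
    pool: list = field(default_factory=list)
    rules_pushed: list = field(default_factory=list)

    def __post_init__(self) -> None:
        self.pool.append(self.nfv.spawn())

    def flow_rules(self) -> list:
        """Rules the controller would install on the SDN switch: match DNS to
        the virtual IP and rewrite the destination to a pool member (one
        bucket per VNF, so load is spread across the whole pool)."""
        return [
            {"match": {"ip_dst": VIRTUAL_DNS_IP, "udp_dst": DNS_PORT},
             "actions": [{"set_ip_dst": v.ip}, {"output": v.name}]}
            for v in self.pool
        ]

    def tick(self, queries: int) -> int:
        """Push `queries` packets through the switch and return how many were
        answered. Nothing is dropped by policy; saturation triggers a new VNF
        and a refreshed rule set for the next tick."""
        capacity = sum(v.capacity for v in self.pool)
        answered = min(queries, capacity)
        if queries > capacity:
            self.pool.append(self.nfv.spawn())
            self.rules_pushed.append(self.flow_rules())
        return answered


def simulate(legit: int, attack: int, ticks: int, mtd: bool = True):
    """Return (legitimate-query success rate, final pool size).

    `legit` and `attack` are per-tick query volumes (constructed). With
    mtd=False the pool never grows, modelling a single static DNS server."""
    ctrl = MtdController(NfvManager())
    served = 0.0
    for _ in range(ticks):
        total = legit + attack
        if mtd:
            answered = ctrl.tick(total)
        else:
            answered = min(total, ctrl.pool[0].capacity)
        served += legit * answered / total   # proportional share for legit
    return served / (legit * ticks), len(ctrl.pool)


if __name__ == "__main__":
    for mode in (False, True):
        rate, size = simulate(legit=50, attack=450, ticks=5, mtd=mode)
        print(f"mtd={mode}: legit success={rate:.2f}, pool size={size}")
```

With the constructed figures a static server answers only a fifth of legitimate queries throughout the flood, whereas the MTD pool grows until aggregate capacity covers the offered load, and the controller never has to decide which packets to discard.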