| Title | Intelligent-Driven Adapting Defense Against the Client-Side DNS Cache Poisoning in the Cloud |
| Publication Type | Conference Paper |
| Year of Publication | 2020 |
| Authors | Ma, Tengchao, Xu, Changqiao, Zhou, Zan, Kuang, Xiaohui, Zhong, Lujie, Grieco, Luigi Alfredo |
| Conference Name | GLOBECOM 2020 - 2020 IEEE Global Communications Conference |
| Date Published | dec |
| Keywords | client-side DNS cache poisoning attack, cloud computing, Cloud Security, Computer crime, deep reinforcement learning, delays, Encryption, Games, IP networks, pubcrawl, resilience, Resiliency, Servers, Stochastic Computing Security, Stochastic game |
| Abstract | A new Domain Name System (DNS) cache poisoning attack aiming at clients has emerged recently. It induced cloud users to visit fake web sites and thus reveal information such as account passwords. However, the design of current DNS defense architecture does not formally consider the protection of clients. Although the DNS traffic encryption technology can alleviate this new attack, its deployment is as slow as the new DNS architecture. Thus we propose a lightweight adaptive intelligent defense strategy, which only needs to be deployed on the client without any configuration support of DNS. Firstly, we model the attack and defense process as a static stochastic game with incomplete information under bounded rationality conditions. Secondly, to solve the problem caused by uncertain attack strategies and large quantities of game states, we adopt a deep reinforcement learning (DRL) with guaranteed monotonic improvement. Finally, through the prototype system experiment in Alibaba Cloud, the effectiveness of our method is proved against multiple attack modes with a success rate of 97.5% approximately. |
| DOI | 10.1109/GLOBECOM42002.2020.9322430 |
| Citation Key | ma_intelligent-driven_2020 |
Intelligent-Driven Adapting Defense Against the Client-Side DNS Cache Poisoning in the Cloud