Research Area:  Software Defined Networks
We present a control plane for operators of top-level domains (TLDs) in the DNS, such as ".org" and ".nl," that enables them to increase the security and stability of their TLD by taking on the role of a threat intelligence provider. Our control plane is a novel system that extends a TLD operator's traditional services and detects potential threats in the TLD by continuously analyzing the TLD operator's two key datasets: the typically large amounts of DNS traffic that it handles and its database of registered domain names. The control plane shares information on discovered threats with other players in the TLD's ecosystem and can also use it to dynamically scale the TLD operator's DNS infrastructure. The control plane builds on a set of open source modules that we have developed on top of a Hadoop-based data storage cluster. These enable, for example, TLD operators to run and develop threat detectors and to easily import their DNS traffic into the control plane. Our control plane uses policies to protect the privacy of TLD users and is based on our operational experience of running the .nl TLD (Netherlands), which we are also using as the use case for our implementation.
Keywords:  
DNS Security
Stability
Control Plane
SDN
Author(s) Name:  Cristian Hesselman; Giovane C.M. Moura; Ricardo De Oliveira Schmidt; Cees Toet
Journal name:  IEEE Communications Magazine
Conference name:  
Publisher name:  IEEE
DOI:  10.1109/MCOM.2017.1600521CM
Volume Information:  Volume: 55, Issue: 1, January 2017, Page(s): 197 - 203
Paper Link:   https://ieeexplore.ieee.org/abstract/document/7823362