Increasing DNS Security and Stability through a Control Plane for Top-Level Domain Operators

We present a control plane for operators of top-level domains (TLDs) in the DNS, such as ".org" and ".nl," that enables them to increase the security and stability of their TLD by taking on the role of a threat intelligence provider. Our control plane is a novel system that exten...

Full description

Saved in:
Bibliographic Details
Published in:IEEE communications magazine 2017-01, Vol.55 (1), p.197-203
Main Authors: Hesselman, Cristian, Moura, Giovane C.M., De Oliveira Schmidt, Ricardo, Toet, Cees
Format: Magazinearticle
Language:English
Subjects:
Computer crime
Control stability
Data storage
Detectors
Domain names
Internet
IP networks
Modules
Network management systems
Operators
Players
Servers
Stability analysis
Telecommunication network management
Threat evaluation
Traffic control
Traffic information
Wave division multiplexing
Citations: Items that this one cites
Items that cite this one
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:We present a control plane for operators of top-level domains (TLDs) in the DNS, such as ".org" and ".nl," that enables them to increase the security and stability of their TLD by taking on the role of a threat intelligence provider. Our control plane is a novel system that extends a TLD operator's traditional services and detects potential threats in the TLD by continuously analyzing the TLD operator's two key datasets: the typically large amounts of DNS traffic that it handles and its database of registered domain names. The control plane shares information on discovered threats with other players in the TLD's ecosystem and can also use it to dynamically scale the TLD operator's DNS infrastructure. The control plane builds on a set of open source modules that we have developed on top of a Hadoop-based data storage cluster. These enable, for example, TLD operators to run and develop threat detectors and to easily import their DNS traffic into the control plane. Our control plane uses policies to protect the privacy of TLD users and is based on our operational experience of running .nl TLD (Netherlands), which we are also using as the use case for our implementation.
ISSN:0163-6804
1558-1896
DOI:10.1109/MCOM.2017.1600521CM