An intelligent proactive defense against the client-side DNS cache poisoning attack via self-checking deep reinforcement learning

Grieco, Luigi Alfredo
2022-01-01

Abstract

A new class of poisoning attacks has recently emerged targeting the client-side Domain Name System (DNS) cache. It allows users to visit fake websites unknowingly, thereby revealing their information, such as passwords. However, the current DNS defense architecture does not include DNS clients. Although related encryption solutions can mitigate this attack, they require the cooperation of multiple parties, and their deployment is slow. Therefore, we propose an intelligence-driven proactive defense strategy. First, we model the offensive and defensive process as a stochastic game based on moving target defense. Second, we adopt and optimize Proximal Policy Optimization (PPO), a deep reinforcement learning method, to solve the problems caused by uncertain attack strategies and unknown state transition probabilities. Third, building on our previous work, we design a self-checking component in PPO to resolve the uncertainty of the action space caused by game state constraints. Thus, the convergence speed and stability of PPO are improved. Finally, to the best of our knowledge, we are the first to play the game against intelligent attackers in addition to three conventional ones. Our strategy does not require any modifications to the DNS architecture. Through an extensive experimental campaign, the prototype system is shown to be effective against multiple attack modes. Its success rate is approximately 98.5%, and the network round-trip time is about 55 ms. Even against random attackers, our method achieves the theoretical maximum defensive success rate.
2022
An intelligent proactive defense against the client-side DNS cache poisoning attack via self-checking deep reinforcement learning / Ma, Tengchao; Xu, Changqiao; Yang, Shujie; Huang, Yiting; Kuang, Xiaohui; Tang, Hong; Grieco, Luigi Alfredo. - In: INTERNATIONAL JOURNAL OF INTELLIGENT SYSTEMS. - ISSN 0884-8173. - STAMPA. - 37:10(2022), pp. 8170-8197. [10.1002/int.22934]
Files in this record:
No files are associated with this record.

Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this record: https://hdl.handle.net/11589/265183
Citations
  • Scopus 1
  • ISI 1