Motivation for behaviour-based DNS security
A taxonomy of DNS-related Internet threats
The Domain Name System is the largest distributed system in operation today and a critical infrastructure component that can be regarded as one nervous system of the current Internet. Because of its critical role DNS is involved in manifold Internet attacks both against the system itself or other Internet hosts. This paper presents an exhaustive analysis of Internet threats involving the DNS classifying them in three categories: name server vulnerabilities, authenticity and integrity attacks, and consumption attacks. Attacks consuming Internet infrastructure resources are inadequately addressed today and from a network operator perspective they remain the major operational security issue. We show that many consumption attacks cause anomalies in DNS traffic, which implies that behaviour-based security on the name servers is a promising research area against this class of Internet attacks.