NXNSAttack traffic detection method based on spatio-temporal feature fusion deep learning
| Published in | 网络与信息安全学报 Vol. 11; pp. 173 - 188 |
|---|---|
| Main Authors | , , , , |
| Format | Journal Article |
| Language | English |
| Published | POSTS&TELECOM PRESS Co., LTD, 01.08.2025 |
| ISSN | 2096-109X |
| Summary: | The domain name system (DNS) is recognized as a critical infrastructure of the Internet and is frequently targeted by cyber-attacks. As an essential component of the DNS, authoritative servers play a key role in domain name resolution and are therefore subject to frequent attacks. Recently, researchers found that vulnerabilities in DNS recursive resolvers could be exploited to launch distributed denial-of-service (DDoS) attacks based on NXNSAttack against authoritative servers. Furthermore, a new variant of DDoS attack based on NXNSAttack was identified in this study. Attackers were found to utilize distributed self-built authoritative DNS servers to launch the NXNSAttack. This attack leveraged the vulnerability of DNS recursive resolvers lacking correlation analysis for NS queries, and distributed NXNSAttack (D.NXNSAttack) attacks were conducted through spatial collaboration. To address these two types of NXNSAttack-based DDoS attacks, a detection method based on the fusion of spatial and temporal features using deep learning was proposed. The method comprised modules for traffic collection, data preprocessing, spatial-temporal feature fusion learning, and attack classification. By converting traffic information into images, the advantages of the spatial learning model ShuffleNet and the temporal learning model Mamba were utilized to capture differences between normal and attack traffic, enabling the detection of two distinct types of NXNSAttack. Experimental results based on large volumes of attack traffic from multiple network ranges show that the detection accuracy of the proposed method exceeds 98%, and the F1-score reaches 98.8%. |
|---|---|