SDN DNS THE SYSTEM FOR DEFENDING DNS AMPLIFICATION ATTACKS IN SOFTWARE-DEFINED NETWORKS AND THE METHOD THEREOF

摘要

The present invention relates to a software-defined network (SDN)-based domain name system (DNS) amplification attack defense system and a method thereof. According to an embodiment of the present invention, the defense system may comprise: a malicious DNS defender which transmits, to a rule generation unit, information flow about DNS flowing into a port connected to an external network; the rule generation unit for generating a DNS response blocking rule for the information flow about the DNS received from the malicious DNS defender; and a DNS verification unit for analyzing a packet of a DNS request message when the SDN controller receives the DNS request message from a host.