Kim et al. J Surveill Secur Saf 2020;1:34-60  I  http://dx.doi.org/10.20517/jsss.2020.14                                                               Page 55
























































               Figure 14. Assessment of DNS Mitigation. DNS: Domain Name System

               and reflection attacks. The DNS server will respond a limited number of times to requests for a domain
               name resolution from a particular IP address, making it more difficult to flood the victim with traffic.


               5.3 Overall assessment of DNS mitigation system
               Figure 14 shows the assessment of whether the mitigation system can protect against DNS attacks.

               A full circle denotes yes or fully, a half-circle denotes partially, and empty circles denote no or not at all.
               Each mitigation system was developed to solve specific vulnerabilities in DNS. Several key findings of our
               assessment are provided:
               (1) DNSSEC is a major enhancement to DNS but can be exploited for DDoS attacks. According to the 2019
                                      [79]
               report released by Neustar , the number of DDoS attacks increased by 133% and the average DDoS attack
               size is 7.5 Gbps compared to 2018.
               (2) Most monitoring and detection systems can observe the malicious DNS traffic, not protect against the
               attacks. But, using these mitigation systems, it is possible to filter or protect against the DNS data attacks.