DNS Spoofing Attack Simulation for Model-Based Security Evaluation

Abstract

Security of computer systems and networks has become very significant nowadays. Introducing and using a unified framework for modeling and quantitative security evaluation (QSE) is an open problem. Th results of our study on drawbacks of the existing security assessment methodologies motivated us to use a simulation framework for model-based security evaluation. We have used discrete-event simulation (DES) and the SimEvents tool for QSE of a domain name system (DNS). First, the normal operation of the DNS is simulated. Then, an attacker is added to the model. The aim is to evaluate the instantaneous availability of DNS as an important measure of security. Finally, as a case study, DNS spoofing attack model is constructed and the availability of the attacked system is evaluated. The proposed approach can be used for other kinds of attacks and other types of systems, networks and applications. In this paper the simulation models and their results are presented.