2TierEdge-Defense: a cascaded defense framework with rule-based LSTM for NCIFA in NDN

Abstract

ABSTRACT Non-Collusive Interest Flooding Attacks (NCIFA) disrupt Named Data Networks' (NDNs) seamless communication and content distribution through QoS degradation. This work proposes 2TierEdge-Defense: a framework based on Long Short Term Memory (LSTM) to detect NCIFA in NDN at the edge content routers. The framework has been evaluated on large-scale Rocketfuel topologies for AT&T Internet Service Provider. The 2TierEdge-Defense framework consists of attack detection and mitigation modules with detection at edge router and their interfaces. During offline training and evaluation, the 2TierEdge-Defense framework can detect NCIFA with 0.92 (F1-score) and 0.84 (F1-score) at edge routers and their interfaces, respectively, with cascaded F1-score of 0.9872. Upon detection, the mitigation strategy in the 2TierEdge-Defense framework can improve the QoS metrics as quickly as in 0.45 seconds with an overall F1 score as high as 0.9872. The 2TierEdge-Defense is evaluated for scalability topology scenarios to ensure better performance when deployed on NDN content routers with a cascaded miss rate of 0.1 and a false alarm rate of 0.07.