Abstract
Interest Flooding Attack (IFA) is one of the main security threats for the Named Data Networking (NDN). Most of its existing countermeasures enable intermediate routers near the attackers to independently detect the attack and consider the typical attack scenario in which attackers directly send malicious Interests at a constant and relatively high rate after the attack starts. Moreover, they may also throttle legitimate Interests when enforcing the existing defense measures at intermediate routers as it is still difficult for them to distinguish the Interests issued by attackers from those issued by legitimate consumers. Instead, this work aims at a more sophisticated attack scenario in which attackers start the attack at a relatively lower rate but gradually speed up to keep the Pending Interest Tables (PITs) of the victims increasing to finally deplete the PIT resources for legitimate consumers. It is relatively difficult for intermediate routers to independently and timely detect such a sophisticated IFA. To solve this problem, we propose a mechanism to detect and mitigate the sophisticated IFA from the network-wide view, dubbed as DMNWV. In DMNWV, a central controller monitors the network and makes a comprehensive and prompt decision on whether there is an ongoing IFA based on the overall state of the whole network collected from the abnormity information reports sent by the first-hop routers of attackers. Attack sources can be directly located after an IFA is determined, and then the routers directly connected to attackers (i.e., access routers) can take targeted measures based on the located attackers to prevent malicious Interest from entering the network without throttling legitimate Interests. We conduct an experimental study to evaluate the performance of DMNWV, explore the parameter settings of the attack detection algorithm at access routers, and measure the communication overhead of the central controller. The experimental results validate that DMNWV can timely detect and mitigate the sophisticated IFA without throttling requests from legitimate consumers with significantly low communication overhead of the central controller, which will not bring about too much burden to the network.
Highlights
With the rapid development of network technology and the continuous growth of new types of applications, the communication paradigm of the Internet has gradually transformed from the resource sharing between hosts to the content distribution and retrieval
4.1 Performance evaluation 4.1.1 Performance of DMNWV In this part, we evaluate the performance of DMNWV and compare it with Satisfactionbased Interest acceptance (SBA) and Satisfaction-based pushback (SBP) presented in [6], and BestRoute strategy which represents the state of the network with no defense mechanism
5 Conclusion In this paper, we propose a mechanism, called DMNWV, to detect and mitigate a more sophisticated Interest Flooding Attack (IFA) from the network-wide view based on a central controller, aiming to timely detect the attack and locate attackers before it causes great damage to the network and mitigate the attack at source without throttling the requests from legitimate consumers
Summary
With the rapid development of network technology and the continuous growth of new types of applications, the communication paradigm of the Internet has gradually transformed from the resource sharing between hosts to the content distribution and retrieval. Most existing mechanisms against IFA enable intermediate routers near the attackers to independently detect the attack and mainly focus on the typical IFA scenario, in which distributed IFA attackers directly issue spoofed Interests for non-existent content at a constant and fairly high rate after the attack starts In this scenario, the states of victims, such as the PIT usage and the satisfaction ratio of Interests, will immediately have significant changes after the attack starts, so that an intermediate router can independently and quickly find something abnormal and detect the attack based on its local observations. 3.1 Overall framework In DMNWV, there is a central controller which monitors the network from the networkwide view, aiming to timely detect the sophisticated IFA and locate the attack sources to take targeted defense measures to avoid throttling requests from legitimate consumers. Require: The average speed of incoming Interests vi, the number of expired Interets ei of each interface facei on an access router Rx
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
