Abstract

As one of the promising candidates for the next-generation network, Named Data Networking (NDN) has advantages over the TCP/IP network in areas such as mobility, content distribution and security. Although NDN is designed to defend against the majority of Distributed Denial of Service (DDoS) attacks in the current Internet, it is expected to face some new variants of DDoS attack. A representative form is the Interest Flooding Attack (IFA), which can be launched easily by overflowing the Pending Interest Table (PIT) and can do immeasurable damage to NDN. Existing IFA detection and countermeasure methods are mainly based on statistics of abnormal PIT state. However, these methods may cause misjudgment and harm legitimate users, especially in the case of low-rate DDoS attacks or network congestion. In this paper, we propose an IFA detection scheme based on cumulative entropy that monitors abnormal distribution of content requests, and then provide a malicious prefix identification method based on relative entropy theory. An Interest traceback countermeasure is also used to restrain the attacker after detection. The proposed scheme can therefore reduce IFA misjudgment and protect legitimate users, while avoiding overreaction to normal traffic fluctuation. Simulation results reveal that our methods can effectively mitigate IFA in NDN.
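The idea in the abstract can be sketched as follows. This is an added illustration, not the paper's algorithm or code: it accumulates the per-window entropy deviation of requested name prefixes in a CUSUM-style sum, then picks the prefix with the largest relative-entropy term. The prefix names, window counts, slack and threshold are constructed assumptions.

```python
import math
from collections import Counter

def entropy(counts):
    """Shannon entropy (bits) of the prefix distribution in one window."""
    total = sum(counts.values())
    return -sum(c / total * math.log2(c / total) for c in counts.values() if c)

def first_alarm(windows, baseline, slack=0.1, threshold=1.0):
    """Index of the first window where the accumulated entropy deviation
    exceeds threshold, or None. slack absorbs normal fluctuation
    (both values are assumptions chosen for the sample data)."""
    h0, s = entropy(baseline), 0.0
    for i, w in enumerate(windows):
        s = max(0.0, s + abs(entropy(w) - h0) - slack)
        if s > threshold:
            return i
    return None

def suspect_prefix(baseline, window, eps=1e-6):
    """Prefix with the largest term of D(window || baseline), i.e. the one
    whose request share grew most relative to the baseline."""
    names = set(baseline) | set(window)
    bt = sum(baseline.values()) + eps * len(names)
    wt = sum(window.values()) + eps * len(names)
    def term(p):
        q, b = (window.get(p, 0) + eps) / wt, (baseline.get(p, 0) + eps) / bt
        return q * math.log2(q / b)
    return max(names, key=term)

# Constructed sample data: Interests counted per name prefix per window.
BASELINE = Counter({"/video": 40, "/news": 30, "/mail": 20, "/maps": 10})
NORMAL = Counter({"/video": 42, "/news": 28, "/mail": 21, "/maps": 9})
FLOOD = Counter({"/video": 40, "/news": 300, "/mail": 20, "/maps": 10})

if __name__ == "__main__":
    sustained = [NORMAL, NORMAL, NORMAL, FLOOD, FLOOD]
    transient = [NORMAL, FLOOD, NORMAL, NORMAL, NORMAL]
    print("sustained flood alarm at window:", first_alarm(sustained, BASELINE))
    print("transient burst alarm:", first_alarm(transient, BASELINE))
    print("suspect prefix:", suspect_prefix(BASELINE, FLOOD))
```

A single skewed window leaves the sum below the threshold and it decays on the following normal windows, whereas a sustained skew trips the alarm.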
