An Effective and Lightweight Countermeasure Scheme to Multiple Network Attacks in NDN

Abstract

In Named Data Networking, cache pollution, cache poisoning and interest flooding are three popular types of attacks that can drastically degrade the network performance. However, previous methods for mitigating these attacks are not sufficiently effective or efficient. Also, they cannot simultaneously handle the three attacks, or the case that core routers or edge routers are compromised. To handle these problems, we propose an effective and lightweight countermeasure scheme. It consists of token-based router monitoring policy (TRM), hierarchical consensus-based trust management (HCT), and popularity-based probabilistic caching and caching replacement policy (PPC). In TRM, each edge router monitors and evaluates each data requester’s probability of launching the cache pollution attack and each data provider’s probability of launching the cache poisoning attack, and accordingly assigns, rewards and penalizes tokens to them to control their data request and data provision activities. Thus, the interest flooding attack can also be mitigated by limiting the consumption of tokens. In HCT, each core router manages its directly connected edge routers using TRM, and the core routers trust each other through adopting the concept of consensus in Blockchain. Thus, the edge and core routers executing monitoring and evaluation are trustable. PPC uses probabilistic caching and caching replacement based on the popularity of received content to further mitigate the attacks and reduce caching and data verification overhead. Results from simulation experiments demonstrate that our proposed scheme has better performance, in terms of interest satisfaction ratio and average end-to-end delay than current mechanisms.