Cache Control Method Mitigating Packet Concentration of Router Caused by Interest Flooding Attack

Abstract

Interest Flooding Attack (IFA) is one of the problems in Named Data Networking (NDN). In IFA, attackers send an excessive number of requests for non-existing contents, so it makes PIT overflow. It prevents normal users from retrieving Data packets. Pushback mechanism is a representative countermeasure against IFA in NDN. Pushback, however, limits Interest packets at routers near the server, so it also limits normal Interest packets. ICRP is another countermeasure against IFA. In ICRP, edge routers detect attackers and limit Interest packets from attackers. ICRP does not limit normal Interest packets, but each router needs to know the overall structure of the network to confirm whether it is an edge router by itself. In this paper, we propose an Interest flow balancing method focused on the number of requests on Named Data Networking, called IFBN. IFBN aims at decreasing the number of records in PIT from attackers and recovering the number of Data packets that normal users can retrieve. First, routers calculate reputation values for each interface. The reputation value is a proportion of the number of retrieved Data packets to the number of Interest packets forwarded for each interface. In addition to reputation values, routers refer to PIT and check the number of information from each interface. The router concludes that the interface that uses most capacity of PIT is forwarded attack Interest packets. The router does not record information of Interest packets from affected interface in PIT. Therefore, IFBN does not record only information of attack Interest packets without limiting normal Interest packets. We evaluate IFBN by simulation, and confirm IFBN can limit only attack Interest packets.