Cooperative-Filter: countering Interest flooding attacks in named data networking

Abstract

Named data networking (NDN) is an emerging networking paradigm that is considered as one of the promising candidates for next-generation Internet architecture. To be a viable Internet architecture, NDN must be resilient against current and emerging threats. This paper focuses on how to detect and mitigate the Interest flooding attack (IFA) in NDN, which can excessively consume the resource of each involved router by flooding too many malicious Interest packets with fake names. In this paper, to counter IFA, an architecture called Cooperative-Filter is proposed. It detects IFA using fuzzy logic, and mitigates it based on the cooperation between routers at the granularity of per-prefix-per-interface, by taking advantages of the state statistics of each router. Moreover, the performance of Cooperative-Filter is evaluated, based on both effect of it on reducing memory resource consumption of each involved router and the effect on increasing Interest satisfaction rate for legitimate users when suffering IFA as well as on decreasing the Interest-retrieving delay. Simulation results demonstrate that Cooperative-Filter can detect IFA and effectively mitigate its damage effect on NDN. To the best of our knowledge, this is the first attempt to design an IFA countermeasure embedding with fuzzy logic as well as countering IFA at the granularity of per-prefix-per-interface.