Abstract

Named-Data Networking (NDN) is a promising architecture for the future Internet. Its design, however, can be misused to perform a new DDoS attack known as the Interest Flooding Attack (IFA). In an IFA, the attacker issues non-satisfiable interest packets, aiming to cause legitimate interest packets to be dropped by overwhelming the pending interest tables in NDN routers. Prior defence mechanisms are not highly effective, harm legitimate interest packets, and/or incur high overhead. We propose a coordinated defence mechanism against IFAs. We realize our solution by adapting CoMon, a framework that we developed previously to coordinate caching-related decisions in NDN, motivated by its effective, yet affordable, coordination. In our solution, IFAs are detected and mitigated by a few routers based on aggregated knowledge of traffic and forwarding states. These routers are selected by a novel heuristic that enables them to observe the entire traffic at an early stage. Extensive simulations confirm the feasibility and effectiveness of our solution.
