DADI: Defending against distributed denial of service in information‐centric networking routing and caching

Abstract

Information‐centric networking (ICN) is a new communication paradigm for the upcoming next‐generation internet (NGI). ICN is an open environment that depends on in‐network caching and focuses on contents. These attributes make ICN architectures subject to different types of routing and caching attacks. An attacker publishes invalid contents or announces malicious routes and sends malicious requests for available and unavailable contents. These types of attacks can cause distributed denial of service (DDoS) and cache pollution in ICN architectures. In this paper,we propose a Defending solution Against DDoS in ICN routing and caching (DADI) that detects and prevents these DDoS attacks. This solution allows ICN routers to differentiate between legitimate and attack behaviors in the detection phase based on threshold values. In the prevention phase, ICN routers are able to take actions against these attacks. In our experiments, we measure satisfied requests for legitimate users and cache hit ratio for ICN routers, which are evaluated over different scenarios when there are 20%, 50%, and 80% attackers with respect to legitimate users. The experiments show that the proposed solution effectively mitigates routing‐ and caching‐related DDoS attacks in ICN and enhances ICN performance in the existence of DDoS attacks.