Abstract
The Interest Flooding Attack (IFA) has been one of the biggest threats to the Named Data Networking (NDN) paradigm. It is easy to launch but very difficult to mitigate. In this paper, a lightweight yet efficient IFA countermeasure, named as InterestFence, is proposed to achieve accurate detection as well as efficient attack-traffic filtering without harming any legitimate Interests. First, InterestFence detects IFAs based on the content servers rather than routers to guarantee accurate detection, since only content servers know exactly IFA’s existence by checking their content index. Second, for each name prefix in every content server, all of the content items with that prefix have a hash-based security label (HSL) to claim their existence. Then an HSL verification method is securely transmitted to the involved routers to help accurately filter IFA traffic, by simply performing HSL verifying operations against malicious name prefixes. Performance evaluation demonstrates that InterestFence can filter 100% IFA traffic at intermediate routers, and keep the same level of service latency for legitimate users, while with a much lower overhead in time consumption compared with cryptographic algorithms.
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.