Abstract
Named Data Networking (NDN) is one of the main research projects of the information center network (ICN), and its efficient forwarding mechanism attaches the attention of researchers. Like other networks, NDN also faces the threat of cyber attacks. With the assistance of the colluding server, the Collusive Interest Flooding Attacks (CIFA) can use the defects of the NDN’s internal forwarding mechanism to send malicious interest packets in the form of pulses. It affects the normal requests of legitimate users and reduces the quality of NDN network services in this way. By analyzing the characteristics of network traffic and CIFA model, a new CIFA detecting method based on the prediction error between particle filter and one-step prediction algorithm is proposed. This scheme samples the network traffic and judges whether the network is under attack by comparing the normalized error value of the one-step prediction and the estimate of the particle filter. Experimental analysis shows that the detection scheme in this paper has higher detection rate than the existing detection schemes.
Highlights
The core architecture of TCP/IP networks remains relatively stable
The Collusive Interest Flooding Attacks (CIFA) can periodically send malicious interest packets at a low average rate which can be hidden in background traffic, resulting in the existing detection schemes basically not detecting abnormal changes caused by CIFA attacks on the network
As studying the state of the art, we provide an overview and analysis of Interest Flooding Attack (IFA) attack detection methods, which can provide reference for research of CIFA
Summary
The core architecture of TCP/IP networks remains relatively stable. But the security, mobility and distribution aspects of the network are increasingly demanded by a variety of applications. The CIFA can periodically send malicious interest packets at a low average rate which can be hidden in background traffic, resulting in the existing detection schemes basically not detecting abnormal changes caused by CIFA attacks on the network. CIFAs are mainly caused by attackers sending seemingly legitimate interest packets that occupy limited PIT resources in intermediate routing nodes When this type of attack is launched, the ‘‘one-to-one’’ flow balance between interest packets and data packets will be seriously damaged, greatly affecting the routing node’s ability to forward interest packets. In order to achieve the best attack effect of CIFA, the time of delayed gratification of colluding interest packets should be close to the normal survival time of interest packets
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
