Trust-based Verification Attack Prevention Scheme using Tendency of Contents Request on NDN

Abstract

To realize content distribution, NDN (Named Data Networking) is gathering attention. Since NDN is vulnerable to spreading fake contents, router based verification schemes are proposed to solve this problem. However, routers are vulnerable to the attack which puts a burden to them by verification of contents (verification attack). In order to detect it, the scheme leveraging the fact that the number of the request of unverified contents and the verification of them increase under the attack is proposed. While verification attack can be detected by that scheme, the attack has already occurred. In order to detect the attack before it occurs, in this paper, we propose a trust-based verification attack prevention scheme using tendency of contents request on NDN. We focus on the fact that the access interval to unverified contents tends to be short dramatically just before verification attack occurs. By leveraging this fact, the router determines that verification attack has occurred and restricts requests of all users temporarily. However, in this case, it is impossible to identify attackers, and the requests of legitimate users are also restricted. Therefore, we focus on the fact that legitimate users tend not to request contents in a cache in many cases. Meanwhile, in order to conduct verification attack, attackers need to request such contents for a short time. By giving low trust value to users requesting these contents, a router can identify attackers and restrict only attackers' requests. Our evaluation results show our scheme can detect verification attack before the attack. Furthermore, we clearly demonstrate that our scheme can restrict only attackers' requests.