Interest Flooding Research Articles

Detecting interest flooding attacks in NDN: A probability-based event-driven approach

The foundational concepts of the Internet were developed in the 1960s and 1970s with the goal of interconnecting hosts using the TCP/IP architecture. While this architecture has significantly impacted communication and commerce, it struggles to accommodate the Internet’s vast user base and diverse applications. Named Data Network (NDN), a next-generation Internet architecture is designed to overcome the current TCP/IP based Internet architecture’s limitations. NDN’s basic operations make it resilient against several traditional DoS/DDoS attacks. However, NDN remains vulnerable to Interest Flooding Attack (IFA), a class of DoS attacks that can exhaust the routers’ as well as the producers’ resources to disrupt network functionality. To detect these attacks, researchers came up with a few approaches. However, existing detection techniques focus on specific IFA variants but struggle to detect other variants. To address this challenge, in this paper, we propose a statistical abnormality detection scheme to identify all variants of IFA. Additionally, we generate a comprehensive NDN traffic dataset through our experiments and use it to evaluate the performance of the detection scheme. The experimental results show that our scheme can detect all variants of IFA with high accuracy. Towards the end, we also present a sensitivity analysis study that shows the impact of varying a few parameters on the detection performance of the proposed scheme.

2TierEdge-Defense: a cascaded defense framework with rule-based LSTM for NCIFA in NDN

ABSTRACT Non-Collusive Interest Flooding Attacks (NCIFA) disrupt Named Data Networks' (NDNs) seamless communication and content distribution through QoS degradation. This work proposes 2TierEdge-Defense: a framework based on Long Short Term Memory (LSTM) to detect NCIFA in NDN at the edge content routers. The framework has been evaluated on large-scale Rocketfuel topologies for AT&T Internet Service Provider. The 2TierEdge-Defense framework consists of attack detection and mitigation modules with detection at edge router and their interfaces. During offline training and evaluation, the 2TierEdge-Defense framework can detect NCIFA with 0.92 (F1-score) and 0.84 (F1-score) at edge routers and their interfaces, respectively, with cascaded F1-score of 0.9872. Upon detection, the mitigation strategy in the 2TierEdge-Defense framework can improve the QoS metrics as quickly as in 0.45 seconds with an overall F1 score as high as 0.9872. The 2TierEdge-Defense is evaluated for scalability topology scenarios to ensure better performance when deployed on NDN content routers with a cascaded miss rate of 0.1 and a false alarm rate of 0.07.

CORE: Counteracting overwhelming requests effectively—A method for interest flooding attack mitigation in NDNoT

<p>The<strong> </strong>Named Data Network (NDN) is a promising architecture for the near future. NDN communicates by naming data, unlike IP-based Internet architecture. Architectural understandability, ease of use, security, content presentation, and simplicity of data exchange logic make this architecture preferable. The NDNoT approach, which recently combines IoT and NDN, enables Internet of Things applications using NDN naming conventions and basic data structure. However, increasing technological applications bring security vulnerabilities. In this study, we propose a new method called CORE that will secure the intended data transfer. The presented CORE mechanism was developed as a countermeasure against the Interest Flooding attack, one of the NDN security attacks. Tests were carried out in the Cooja simulation environment using three different topology scenarios. CORE’s performance metrics were evaluated based on success rate, average delay, and interest traffic. The results showed that when the CORE mechanism was active, there was an improvement in the success rate and average delay. In terms of interest traffic, at least a 70% success rate was achieved compared to scenarios in which the CORE mechanism was not operated.</p>

Reinforcement learning inspired forwarding strategy for information centric networks using Q‐learning algorithm

SummaryContent interest forwarding is a prominent research area in Information Centric Network (ICN). An efficient forwarding strategy can significantly improve data retrieval latency, origin server load, network congestion, and overhead. The state‐of‐the‐art work is either driven by flooding approach trying to minimize the adverse effect of Interest flooding or path‐driven approach trying to minimize the additional cost of maintaining routing information. These approaches are less efficient due to storm issues and excessive overhead. Proposed protocol aims to forward interest to the nearest cache without worrying about FIB construction and with significant improvement in latency and overhead. This paper presents the feasibility of integrating reinforcement learning based Q‐learning strategy for forwarding in ICN. By revising Q‐learning to address the inherent challenges, we introduce Q‐learning based interest packets and data packets forwarding mechanisms, namely, IPQ‐learning and DPQ‐learning. It aims to gain self‐learning through historical events and selects best next node to forward interest. Each node in the network acts as an agent with aim of forwarding packet to best next hop according to the Q value such that content can be fetched within fastest possible route and every action returns to be a learning process, which improves the accuracy of the Q value. The performance investigation of protocol in ndnSIM‐2.0 shows the improvement in a range of 10%–35% for metrics such as data retrieval delay, server hit rate, network overhead, network throughput, and network load. Outcomes are compared by integrating proposed protocol with state‐of‐the‐art caching protocols and also against recent forwarding mechanisms.

IfNot: An approach towards mitigating interest flooding attacks in Named Data Networking of Things

Named Data Networking (NDN) has emerged as a model to accommodate content distribution, security, and mobility. Recently, NDN has been applied to the Internet of Things (IoT), referred to as Named Data Networking of Things (NDNoT). In the rapidly evolving landscape of the NDNoT securing data transmission is paramount. The main purpose and contribution of the research presented in this paper is to safeguard the security vulnerabilities of data transmission in NDNoT. This paper specifically addresses the critical issue of interest flooding attacks in NDNoT. These attacks can disrupt network operations posing far-reaching threats to data integrity and availability. To mitigate these attacks and threats the paper introduces the IfNoT mechanism and evaluates its performance through comprehensive simulations in a realistic and recognized simulator, called Cooja. IfNot identifies the potential interest flooding attacker nodes in the NDNoT environment. It reduces the impact of the attack and the undesirable interest traffic caused by such an attack, which optimizes the network resource utilization at a maximum level. The study also explores the influence of key parameters provided by the IfNoT mechanism. Moreover, the study also identifies optimum settings for these parameters to enhance network utilization. When evaluated using various metrics, including success rate, average latency, and total interest traffic, under different conditions and parameter settings, IfNoT was able to counter the interest flooding attacks effectively. IfNoT mechanism is able to increase success ratio up to 28%, decrease average latency up to 31%, and decrease total interest traffic up to 58%.

Mitigation of Interest Flooding Attack and Controlled Packet Propagation in Named Internet of Vehicles

Mitigation of Interest Flooding Attack and Controlled Packet Propagation in Named Internet of Vehicles

Hop Count Based Interest Selection and Content Forwarding Scheme for Vehicular Named Data Networks

Vehicular Named Data Networks (VNDN) face challenges in efficiently disseminating content due to high mobility and intermittent connectivity. To address these challenges, a Hop Count based Interest Selection and Content Forwarding (HISCF) scheme for VNDNs is proposed. The scheme focuses on mitigating interest flooding, reducing data packet duplication, and alleviating network congestion. HISCF consists of two components: interest selection and content forwarding. The selection process chooses a vehicle based on hop count and Interest Satisfaction Ratio (ISR) to forward the interest packet. Content forwarding is performed considering a hop count limit and pending interests, ensuring efficient content delivery. The HISCF scheme is evaluated using extensive simulations in ns-3 with ndnSIM. Performance metrics such as Data Packet Replication Count (DPRC), total number of interest packets forwarded, Interest Response Time (IRT) and routing overhead are analysed. Results show that HISCF outperforms naïve VNDN, reducing DPRC, minimizing interest packets forwarded, and decreasing average IRT. The findings demonstrate that HISCF effectively mitigates interest broadcast storms, reduces data packet duplication, and improves content delivery efficiency in VNDNs. This study contributes to VNDN research advancement and provides insights for designing effective content forwarding mechanisms in vehicular networks.

TSWA: a unique approach to overcome interest flooding attacks in the cloud using a combination of TSW and attack detection

TSWA: a unique approach to overcome interest flooding attacks in the cloud using a combination of TSW and attack detection

A Machine Learning-Based Interest Flooding Attack Detection System in Vehicular Named Data Networking

A vehicular ad hoc network (VANET) has significantly improved transportation efficiency with efficient traffic management, driving safety, and delivering emergency messages. However, existing IP-based VANETs encounter numerous challenges, like security, mobility, caching, and routing. To cope with these limitations, named data networking (NDN) has gained significant attention as an alternative solution to TCP/IP in VANET. NDN offers promising features, like intermittent connectivity support, named-based routing, and in-network content caching. Nevertheless, NDN in VANET is vulnerable to a variety of attacks. On top of attacks, an interest flooding attack (IFA) is one of the most critical attacks. The IFA targets intermediate nodes with a storm of unsatisfying interest requests and saturates network resources such as the Pending Interest Table (PIT). Unlike traditional rule-based statistical approaches, this study detects and prevents attacker vehicles by exploiting a machine learning (ML) binary classification system at roadside units (RSUs). In this connection, we employed and compared the accuracy of five (5) ML classifiers: logistic regression (LR), decision tree (DT), K-nearest neighbor (KNN), random forest (RF), and Gaussian naïve Bayes (GNB) on a publicly available dataset implemented on the ndnSIM simulator. The experimental results demonstrate that the RF classifier achieved the highest accuracy (94%) in detecting IFA vehicles. On the other hand, we evaluated an attack prevention system on Python that enables intermediate vehicles to accept or reject interest requests based on the legitimacy of vehicles. Thus, our proposed IFA detection technique contributes to detecting and preventing attacker vehicles from compromising the network resources.

Towards Persistent Detection of DDoS Attacks in NDN: A Sketch-Based Approach

As a promising architectural design for future Internet, Named Data Networking (NDN) relies on data names, instead of destination IP addresses, to deliver data. NDN supports data authenticity and integrity by making public key signatures mandatory on data content and data names. This handles the primary security concern in NDN, but is still vulnerable to new DDoS attacks, including Cache Pollution attacks and Interest Flooding attacks, which degrade NDN transmission significantly, by violating the crucial components of NDN routers. To defend against DDoS attacks in NDN, the most effective way is to persistently detect the malicious traffic and then throttle them. Except for the usual concern of the accuracy and efficiency in attack detection, since these attacks themselves have already imposed a huge burden on victims, to avoid exhausting the remaining resources on the victims for detection purpose, a lightweight detection solution is highly desired. We study DDoS attacks and propose a persistent detection solution based on an observed malicious traffic pattern, which leverages a novel sketch to monitor the malicious traffic in a timely and lightweight way. Additionally, our analysis and experiments demonstrate that, with fixed low resource consumption, the proposed solution can persistently detect DDoS attacks in NDN.

Detection of Improved Collusive Interest Flooding Attacks Using BO-GBM Fusion Algorithm in NDN

In Named Data Networking (NDN), Collusive Interest Flooding Attacks (CIFA) is a new type of Distributed Denial of Service (DDoS) attacks, which can effectively affect the performance of NDN by sending malicious Interests intermittently. Since the concealment of CIFA is strong, the existing detection methods for Interest Flooding Attacks (IFA) are difficult to find the malicious Interests in the NDN network. However, the subsequent attack strength of CIFA is weaker than that of IFA, resulting in the attack range of CIFA is much smaller than that of IFA in large network topologies. In order to launch the most serious attack with the least cost, the attack model of CIFA has been improved by our previous work, namely Improved Collusive Interest Flooding Attacks (I-CIFA). To better take the countermeasures against I-CIFA, this paper studies the adverse effects of I-CIFA in NDN and proposes a detection mechanism for I-CIFA. Foremost, we extract the corresponding network traffic and analyze the impact of I-CIFA on malicious routing nodes in different locations of the network. Furthermore, the detection mechanism based on BO-GBM fusion algorithm is proposed to detect I-CIFA through classifying the network traffic. Finally, several specific performance metrics are adopted to evaluate the practicability of BO-GBM fusion algorithm in detecting I-CIFA. The results show that BO-GBM fusion algorithm has better detection performance than other existing detection schemes, with the detection rate of 98.69%, false alarm rate of 1.36% and missing alarm rate of 1.43%.

Interest Flooding Attacks in Named Data Networking: Survey of Existing Solutions, Open Issues, Requirements, and Future Directions

Named Data Networking (NDN) is a prominent realization of the vision of Information-Centric Networking. The NDN architecture adopts name-based routing and location-independent data retrieval. Among other important features, NDN integrates security mechanisms and focuses on protecting the content rather than the communications channels. Along with a new architecture come new threats, and NDN is no exception. NDN is a potential target for new network attacks such as Interest Flooding Attacks (IFAs). Attackers take advantage of IFA to launch (D)DoS attacks in NDN. Many IFA detection and mitigation solutions have been proposed in the literature. However, there is no comprehensive review study of these solutions that has been proposed so far. Therefore, in this article, we propose a survey of the various IFAs with a detailed comparative study of all the relevant proposed solutions as counter-measures against IFAs. We also review the requirements for a complete and efficient IFA solution and pinpoint the various issues encountered by IFA detection and mitigation mechanisms through a series of attack scenarios. Finally, in this survey, we offer an analysis of the open issues and future research directions regarding IFAs.

A Survey on Security Attacks and Intrusion Detection Mechanisms in Named Data Networking

Despite the highly secure content sharing and the optimized forwarding mechanism, the content delivery in a Named Data Network (NDN) still suffers from numerous vulnerabilities that can be exploited to reduce the efficiency of such architecture. Malicious attacks in NDN have become more sophisticated and the foremost challenge is to identify unknown and obfuscated malware, as the malware authors use different evasion techniques for information concealing to prevent detection by an Intrusion Detection System (IDS). For the most part, NDN faces immense negative impacts from attacks such as Cache Pollution Attacks (CPA), Cache Privacy Attacks, Cache Poisoning Attacks, and Interest Flooding Attacks (IFA), that target different security components, including availability, integrity, and confidentiality. This poses a critical challenge to the design of IDS in NDN. This paper provides the latest taxonomy, together with a review of the significant research works on IDSs up to the present time, and a classification of the proposed systems according to the taxonomy. It provides a structured and comprehensive overview of the existing IDSs so that a researcher can create an even better mechanism for the previously mentioned attacks. This paper discusses the limits of the techniques applied to design IDSs with recent findings that can be further exploited in order to optimize those detection and mitigation mechanisms.

MF‐RF: A detection approach based on multi‐features and random forest algorithm for improved collusive interest flooding attack

AbstractA new type of Collusive Interest Flooding Attack (CIFA), Improved Collusive Interest Flooding Attack (I‐CIFA), which originates from CIFA with a stronger concealment, higher attack effect, lower attack cost, and wider attack range in Named Data Networking (NDN). In order to detect this attack, the present study explores new detection features and establishes a sample set of attack features with different granularities, and accordingly, the Pearson coefficient is used to validate the correlation between the proposed features and the network states. Finally, the Random Forest model is designed to detect the I‐CIFA attack. To evaluate the performance of the approach, extensive experiments are conducted in ndnSIM platform. Test results show that the proposed detection approach outperforms other existing approaches with a detection rate of 98.1%, error rate of 1.9%, and false positive rate of 1.5%.

RNA therapeutics from rare to common diseases

RNA therapeutics have taken a center stage during the pandemic, due to the successful development and launch of two mRNA COVID-19 vaccines (by Moderna and Pfizer/BioNTech). Although there are already multiple commercially successful RNA drugs for the treatment of orphan indications, this is the first time that RNA therapies unlock their commercial value in mass population. With the backdrop of massive capital and interest flooding into the field of RNA therapeutics, many companies began to expand their orphan-indication-centered RNA therapeutic portfolio into common diseases. In this article, we calculated the success rate of publicly available RNA therapeutic pipelines at each development stage as well as their likelihood of approval (LOA). We found those targeting common diseases have a much lower LOA rate when compared with pipelines targeting rare diseases (5.8% vs. 23.8%). Consequently, we discussed the underlying challenges and potential opportunities for RNA therapeutics moving from rare to common diseases.

Multi-classifier and meta-heuristic based cache pollution attacks and interest flooding attacks detection and mitigation model for named data networking

ABSTRACT This study’s main goal is to provide a novel assault detection model with two phases. The features such node, distribution, pattern, frequency, and run time are extracted in the first phase. The Deep Convolutional Neural Network (CNN) is then used to detect cache pollution attacks (also known as content poisoning attacks), which include interest flooding for existing data, interest flooding for non-existing data, hijacking incoming interest packets, and signing data with the incorrect key. Similar to the first phase, the second phase involves extracting the aforementioned attributes and feeding them into a fuzzy decision tree (FDT) in order to identify an interest flooding attack. For accurate attack detection, this paper aims to optimise both DCNN and FDT classifiers. This work provided a fresh Decision Oriented Rider Optimisation Algorithm (DO-ROA), an enhancement of the traditional ROA, to address the optimisation problem. With regard to specific Type I and Type II performance measures, the suggested DO-ROA algorithm’s performance is compared to that of other traditional models, demonstrating the superiority of the presented work.

The role of evolutionary game theory in spatial and non-spatial models of the survival of cooperation in cancer: a review.

Evolutionary game theory (EGT) is a branch of mathematics which considers populations of individuals interacting with each other to receive pay-offs. An individual’s pay-off is dependent on the strategy of its opponent(s) as well as on its own, and the higher its pay-off, the higher its reproductive fitness. Its offspring generally inherit its interaction strategy, subject to random mutation. Over time, the composition of the population shifts as different strategies spread or are driven extinct. In the last 25 years there has been a flood of interest in applying EGT to cancer modelling, with the aim of explaining how cancerous mutations spread through healthy tissue and how intercellular cooperation persists in tumour-cell populations. This review traces this body of work from theoretical analyses of well-mixed infinite populations through to more realistic spatial models of the development of cooperation between epithelial cells. We also consider work in which EGT has been used to make experimental predictions about the evolution of cancer, and discuss work that remains to be done before EGT can make large-scale contributions to clinical treatment and patient outcomes.

An Effective and Lightweight Countermeasure Scheme to Multiple Network Attacks in NDN

In Named Data Networking, cache pollution, cache poisoning and interest flooding are three popular types of attacks that can drastically degrade the network performance. However, previous methods for mitigating these attacks are not sufficiently effective or efficient. Also, they cannot simultaneously handle the three attacks, or the case that core routers or edge routers are compromised. To handle these problems, we propose an effective and lightweight countermeasure scheme. It consists of token-based router monitoring policy (TRM), hierarchical consensus-based trust management (HCT), and popularity-based probabilistic caching and caching replacement policy (PPC). In TRM, each edge router monitors and evaluates each data requester’s probability of launching the cache pollution attack and each data provider’s probability of launching the cache poisoning attack, and accordingly assigns, rewards and penalizes tokens to them to control their data request and data provision activities. Thus, the interest flooding attack can also be mitigated by limiting the consumption of tokens. In HCT, each core router manages its directly connected edge routers using TRM, and the core routers trust each other through adopting the concept of consensus in Blockchain. Thus, the edge and core routers executing monitoring and evaluation are trustable. PPC uses probabilistic caching and caching replacement based on the popularity of received content to further mitigate the attacks and reduce caching and data verification overhead. Results from simulation experiments demonstrate that our proposed scheme has better performance, in terms of interest satisfaction ratio and average end-to-end delay than current mechanisms.

A Multicriteria-Based Forwarding Strategy for Interest Flooding Mitigation on Named Data Wireless Networking

In wireless networks, the Named Data Networking (NDN) architecture maximizes contents' availability throughout multiple network paths based on multicast-based communication combined with stateful forwarding and caching in intermediate nodes. Despite its benefits, the downside of the architecture resides in the packet flooding not efficiently prevented by current forwarding strategies and mainly associated with the native flooding of the architecture or malicious packets from Interest Flooding Attack (IFA). This work introduces iFLAT, a multicriteria-based forwarding strategy for <bold xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">i</b> nterest <bold xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">FL</b> ooding mitig <bold xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">AT</b> ion on named data wireless networking. It follows a cross-layer approach that considers: (i) the Received Signal Strength (RSS) to adjust itself to the current status of the wireless network links, (ii) the network traffic ( <italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">meInfo</i> ) to detect flooding issues and traffic anomalies, and (iii) a fake Interest Blacklist to identify IFA-related flooding. In doing so, the strategy achieves better efficiency on Interest flooding mitigation, addressing both native and IFA types of flooding. We evaluated the proposed strategy by reproducing a Flying Ad hoc Network (FANET) composed of Unmanned Aerial Vehicles (UAVs) featured by the NDN stack deployed in all nodes. Simulation results show that iFLAT can effectively detect and mitigate flooding, regardless of its origin or nature, achieving greater packet forwarding efficiency than competing strategies. In broadcast storm and IFA scenarios, it achieved 25.75% and 37.37% of traffic reduction, whereas Interest satisfaction rates of 16.36% and 51.78% higher, respectively.

Detecting and Mitigating Collusive Interest Flooding Attacks in Named Data Networking

The large expansion in network services and applications seen in the last few years requires new network architectures to satisfy an increasing number of users and enhance content delivery. Named Data Networking (NDN) has recently appeared as a new paradigm to solve many shortcomings in the current TCP/IP architecture. Its main characteristics like stateful forwarding and in-network caching made NDN networks an efficient environment for data delivery where the data is retrieved based on content names rather than IP addresses. The NDN, by its nature, defends against the well-known Distributed Denial of Service (DDoS) attacks that take place in the traditional TCP/IP architecture. However, a special kind of DoS attack called Collusive Interest Flooding Attack (CIFA) has appeared to overwhelm the resources of NDN routers by filling their Pending Interest Tables (PIT) with long-lasting malicious entries. The network throughput and consumer satisfaction rate are highly affected by CIFA. A lightweight yet efficient stateless CIFA detection algorithm is proposed in this research utilizing the non-parametric CUSUM algorithm; a change point detection approach that detects the point in time when a transition occurs in the network. The proposed algorithm is characterized by its low computational overhead, highly accurate detection, and quick response. To detect the malicious name prefixes and eliminate the CIFA effect, a mitigation algorithm that uses the average response time vales of all name prefixes is proposed in this research. Experimental results show that this approach detects CIFA after 199.5 ms from when an attack is launched in the large-scale topology. In addition, the mitigation approach effectively reduces the PIT utilization and increases the average consumer satisfaction rate.