Low-rate Distributed Denial Of Service Research Articles

A Threshold Adaptation Mechanism for Detecting and Filtering Low-Rate DDoS Attacks


 
 
 TCP-targeted low-rate distributed denial-of-service (LDDoS) attacks pose a serious chal- lenge to the reliability and security of the Internet. Among various proposed solutions, we are par- ticularly interested in the Congestion Participation Rate (CPR) metric and the CPR-based approach. Through a simulation study, we show that if the algorithm makes use of a fixed CPR threshold, it cannot simultaneously preserve high TCP throughput under attacks and achieve good fairness per- formance for TCP flows without attacks. Then, we propose a method for adaptively changing the threshold over time to achieve both objectives. Simulation results show that our adaptive CPR-based approach can effectively protect TCP flows under attacks while keeping fairness in normal time.
 
 

HLD-DDoSDN: High and low-rates dataset-based DDoS attacks against SDN.

Software Defined Network (SDN) has alleviated traditional network limitations but faces a significant challenge due to the risk of Distributed Denial of Service (DDoS) attacks against an SDN controller, with current detection methods lacking evaluation on unrealistic SDN datasets and standard DDoS attacks (i.e., high-rate DDoS attack). Therefore, a realistic dataset called HLD-DDoSDN is introduced, encompassing prevalent DDoS attacks specifically aimed at an SDN controller, such as User Internet Control Message Protocol (ICMP), Transmission Control Protocol (TCP), and User Datagram Protocol (UDP). This SDN dataset also incorporates diverse levels of traffic fluctuations, representing different traffic variation rates (i.e., high and low rates) in DDoS attacks. It is qualitatively compared to existing SDN datasets and quantitatively evaluated across all eight scenarios to ensure its superiority. Furthermore, it fulfils the requirements of a benchmark dataset in terms of size, variety of attacks and scenarios, with significant features that highly contribute to detecting realistic SDN attacks. The features of HLD-DDoSDN are evaluated using a Deep Multilayer Perception (D-MLP) based detection approach. Experimental findings indicate that the employed features exhibit high performance in the detection accuracy, recall, and precision of detecting high and low-rate DDoS flooding attacks.

OPTIMIST: Lightweight and Transparent IDS With Optimum Placement Strategy to Mitigate Mixed-Rate DDoS Attacks in IoT Networks

Distributed denial of service (DDoS) attacks are widespread for Internet of things (IoT) systems that aim to disrupt the availability of a system completely (high-rate DDoS) or partially (low-rate DDoS). Design and placement of Intrusion Detection Systems (IDS) for DDoS attacks on IoT systems are challenging due to the low power and lossy nature of networks. Existing IDSs are designed to handle either high-rate or low-rate DDoS but cannot handle both with good accuracy. Existing IDS placement techniques are mostly non-transparent, making malicious nodes aware of the presence of IDS nodes. Most of the IDS placement strategies are non-optimal, making them energy inefficient. Accordingly, this work proposes a transparent, optimally placed, distributed IDS solution, namely OPTIMIST, which can handle both high-rate and low-rate DDoS attacks with good accuracy. The placement problem is formulated as the weighted minimum vertex cover problem of a K-uniform hypergraph and solved with an approximation algorithm. The IDS module is based on a LSTM model where a novel offline training method for LSTM is proposed using WGAN-generated artificial flows. Extensive experimentation on simulation and testbed shows that the OPTIMIST can best achieve the balance between DDoS detection and energy overhead.

Low Rate DDoS Detection Using Weighted Federated Learning in SDN Control Plane in IoT Network

The Internet of things (IoT) has opened new dimensions of novel services and computing power for modern living standards by introducing innovative and smart solutions. Due to the extensive usage of these services, IoT has spanned numerous devices and communication entities, which makes the management of the network a complex challenge. Hence it is urgently needed to redefine the management of the IoT network. Software-defined networking (SDN) intrinsic programmability and centralization features simplify network management, facilitate network abstraction, ease network evolution, has the potential to manage the IoT network. SDN’s centralized control plane promotes efficient network resource management by separating the control and data plane and providing a global picture of the underlying network topology. Apart from the inherent benefits, the centralized SDN architecture also brings serious security threats such as spoofing, sniffing, brute force, API exploitation, and denial of service, and requires significant attention to guarantee a secured network. Among these security threats, Distributed Denial of Service (DDoS) and its variant Low-Rate DDoS (LR-DDoS), is one of the most challenging as the fraudulent user generates malicious traffic at a low rate which is extremely difficult to detect and defend. Machine Learning (ML), especially Federated Learning (FL), has shown remarkable success in detecting and defending against such attacks. In this paper, we adopted Weighted Federated Learning (WFL) to detect Low-Rate DDoS (LR-DDoS) attacks. The extensive MATLAB experimentation and evaluation revealed that the proposed work ignites the LR-DDoS detection accuracy compared with the individual Neural Networks (ANN) training algorithms, existing packet analysis-based, and machine learning approaches.

An Asynchronous Federated Learning Arbitration Model for Low-Rate DDoS Attack Detection

Low-rate Distributed Denial of Service (LDDoS) attacks have been one of the most notorious network security threats, which use periodic slight multi-variate time series pulse flows to degrade network quality. Limited by the poor data in a single client, a powerful and satisfactory LDDoS attack detection model is hard to be trained. Federated Learning (FL) is a promising paradigm offering joint learning through multiple clients. We propose an asynchronous federated learning arbitration framework based on bidirectional LSTM (bi-LSTM) and attention mechanism (AsyncFL-bLAM). In the AsyncFL-bLAM, the leader node election algorithm is proposed for constructing the framework of asynchronous federated learning. The proposed bLAM model composed of feature extracter and arbitrator takes on the responsibility of LDDoS detection locally. Furthermore, the novel AsyncFL framework helps to upload and aggregate the bLAM models’ parameters asynchronously between leader node and client nodes. Experimental results show that the AsyncFL-bLAM outperforms the state-of-the-art models in accuracy, and reduces the overall communication rounds.

LtRFT: Mitigate the Low-Rate Data Plane DDoS Attack With Learning-To-Rank Enabled Flow Tables

Software-Defined Networking (SDN) switches typically have limited ternary content addressable memory (TCAM) that caches the flow entries on the data plane. The scarcity and strong resource competitiveness of TCAM space put the flow tables at the risk of malicious Distributed Denial-of-Service (DDoS) attacks. In this paper, we propose LtRFT, a Learning-To-Rank (LtR) based scheme for mitigating the low-rate DDoS attacks targeted at flow tables. LtRFT consists of three modules: <italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">monitor</i> , <italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">ranker</i> , and <italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">mitigator</i> . <italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">Monitor</i> manages the flow table status and sends alerts to other modules after detecting attacks. <italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">Ranker</i> models the attack mitigation problem as a flow entry ranking task, and ranks malicious flows with a high eviction priority using a pairwise-based LtR algorithm. The <italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">mitigator</i> frees up the flow table space by deleting malicious flow entries according to the flow entry ranking sequence generated by <italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">ranker</i> . We introduce LtR to network attack detection innovatively and use both classification and information retrieval metrics to describe and evaluate LtRFT. Extensive experiments were conducted to validate the effectiveness and robustness of LtRFT in detecting and mitigating the low-rate data plane DDoS attacks. LtRFT can detect malicious attack flows with an accuracy of over 96%, and can reduce the attack flow duration by 97.7% with an average extra latency of 0.5 seconds, which proves that LtRFT is practicable in SDN deployments.

Deep Generative Learning Models for Cloud Intrusion Detection Systems.

Intrusion detection (ID) on the cloud environment has received paramount interest over the last few years. Among the latest approaches, machine learning-based ID methods allow us to discover unknown attacks. However, due to the lack of malicious samples and the rapid evolution of diverse attacks, constructing a cloud ID system (IDS) that is robust to a wide range of unknown attacks remains challenging. In this article, we propose a novel solution to enable robust cloud IDSs using deep neural networks. Specifically, we develop two deep generative models to synthesize malicious samples on the cloud systems. The first model, conditional denoising adversarial autoencoder (CDAAE), is used to generate specific types of malicious samples. The second model (CDAEE-KNN) is a hybrid of CDAAE and the K -nearest neighbor algorithm to generate malicious borderline samples that further improve the accuracy of a cloud IDS. The synthesized samples are merged with the original samples to form the augmented datasets. Three machine learning algorithms are trained on the augmented datasets and their effectiveness is analyzed. The experiments conducted on four popular IDS datasets show that our proposed techniques significantly improve the accuracy of the cloud IDSs compared with the baseline technique and the state-of-the-art approaches. Moreover, our models also enhance the accuracy of machine learning algorithms in detecting some currently challenging distributed denial of service (DDoS) attacks, including low-rate DDoS attacks and application layer DDoS attacks.

A Deep 1-D CNN and Bidirectional LSTM Ensemble Model With Arbitration Mechanism for LDDoS Attack Detection

Low-rate Distributed Denial of Service (LDDoS) attacks are complex and common security issues, which disrupt the essential services of the varied and emerging networks. However, the traditional detection models are normally in a dilemma condition since LDDoS attacks have the characteristics of concealment and persistence in space and time dimensions. In this paper, we propose a novel, practical and fast ensemble model (FastCBLA-EM) to detect the LDDoS attacks. In the FastCBLA-EM, a dilated padding-based dual sliding method is worked out for producing fixed-length chronological order samples from flows per well-tuned packet step. Next, a competitive network composed of 1-D Convolutional Neural Network (1-D CNN) and a bidirectional Long Short Term Memory (bi-LSTM) network is employed to learn both spatial and temporal representations of samples, parallelly. Finally, an arbitration mechanism based on the enhanced attention method is used to assemble and weigh these representations for detecting LDDoS attacks. We compare the performances of the FastCBLA-EM with other models by obtaining a group of well-tuned hyperparameters in the revised ISCX-2016-SlowDos flow-based dataset. Experimental results demonstrate that the detection accuracy of the FastCBLA-EM can be up to 99.7% and the time complexity is <inline-formula xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink"><tex-math notation="LaTeX">$O(n)$</tex-math></inline-formula> .

Implementation of a Clustering-Based LDDoS Detection Method

With the rapid advancement and transformation of technology, information and communication technologies (ICT), in particular, have attracted everyone’s attention. The attackers took advantage of this and can caused serious problems, such as malware attack, ransomware, SQL injection attack, etc. One of the dominant attacks, known as distributed denial-of-service (DDoS), has been observed as the main reason for information hacking. In this paper, we have proposed a secure technique, called the low-rate distributed denial-of-service (LDDoS) technique, to measure attack penetration and secure communication flow. A two-step clustering method was adopted, where the network traffic was controlled by using the characteristics of TCP traffic with discrete sense; then, the suspicious cluster with the abnormal analysis was detected. This method has proven to be reliable and efficient for LDDoS attacks detection, based on the NS-2 simulator, compared to the exponentially weighted moving average (EWMA) technique, which has comparatively very high false-positive rates. Analyzing abnormal test pieces helps us reduce the false positives. The proposed methodology was implemented using Python for scripting and NS-2 simulator for topology, two public trademark datasets, i.e., Web of Information for Development (WIDE) and Lawrence Berkley National Laboratory (LBNL), were selected for experiments. The experiments were analyzed, and the results evaluated using Wireshark. The proposed LDDoS approach achieved good results, compared to the previous techniques.

A Survey of Low Rate DDoS Detection Techniques Based on Machine Learning in Software-Defined Networks

Software-defined networking (SDN) is a new networking paradigm that provides centralized control, programmability, and a global view of topology in the controller. SDN is becoming more popular due to its high audibility, which also raises security and privacy concerns. SDN must be outfitted with the best security scheme to counter the evolving security attacks. A Distributed Denial-of-Service (DDoS) attack is a network attack that floods network links with illegitimate data using high-rate packet transmission. Illegitimate data traffic can overload network links, causing legitimate data to be dropped and network services to be unavailable. Low-rate Distributed Denial-of-Service (LDDoS) is a recent evolution of DDoS attack that has been emerged as one of the most serious vulnerabilities for the Internet, cloud computing platforms, the Internet of Things (IoT), and large data centers. Moreover, LDDoS attacks are more challenging to detect because this attack sends a large amount of illegitimate data that are disguised as legitimate traffic. Thus, traditional security mechanisms such as symmetric/asymmetric detection schemes that have been proposed to protect SDN from DDoS attacks may not be suitable or inefficient for detecting LDDoS attacks. Therefore, more research studies are needed in this domain. There are several survey papers addressing the detection mechanisms of DDoS attacks in SDN, but these studies have focused mainly on high-rate DDoS attacks. Alternatively, in this paper, we present an extensive survey of different detection mechanisms proposed to protect the SDN from LDDoS attacks using machine learning approaches. Our survey describes vulnerability issues in all layers of the SDN architecture that LDDoS attacks can exploit. Current challenges and future directions are also discussed. The survey can be used by researchers to explore and develop innovative and efficient techniques to enhance SDN’s protection against LDDoS attacks.

Low-Rate Attack Detection on SD-IoT Using SVM Combined with Feature Importance Logistic Regression Coefficient

The evolution of computer network technology is now experiencing substantial changes, particularly with the introduction of a new paradigm, Software Defined Networking (SDN). The SDN architecture has been applied in a variety of networks, including the Internet of Things (IoT), which is known as SD-IoT. IoT is made up of billions of networking devices that are interconnected and linked to the Internet. Since the SD-IoT was considered as a complex entity, several types of attack on vulnerabilities vary greatly and can be exploited by careless individuals. Low-Rate Distributed Denial of Service (LRDDoS) is one of the availability-based attack that may affect the SD-IoT integration paradigm. Therefore, it is necessary to have an Intrusion Detection System (IDS) to overcome the security hole caused by LRDDoS. The main objective of this research was the establishment of an IDS application for resolving LRDDoS attack using the SVM algorithm combined with the Feature Importance method, namely the Logistic Regression Coefficient. The implemented approach was developed to reduce the complexity or resource’s consumption during the classification process as well as increasing the accuracy. It could be concluded that the Linear kernel SVM algorithm acquired the highest results on the test schemes at 100% accuracy, but the training time required for this model was longer, about 23.6 seconds compared to the Radial Basis Function model which only takes about 1.5 seconds.

A low-rate DDoS detection and mitigation for SDN using Renyi Entropy with Packet Drop

Software-Defined Networking (SDN) is an approach to network architecture that enables software applications used for intelligent, centralized network management or scheduling. It is gaining popularity due to its flexibility, agility, and scalability feature. SDN provides high network programmability and speeds up the network variation by forwarding the control layer from the data layer. The logically centralized controller is always an attractive target for the Distributed Denial of Service (DDoS) attacks. According to various specifications, the low-rate DDoS attack is often not easy to detect against SDN because attackers behave like legitimate traffic. Hence, it is essential to have a fast and accurate detection model to detect the data layer attack traffic timely so that it could not affect on available resources such as bandwidth, memory, central processing unit (CPU). In this paper, we propose a DDoS detection technique based on Renyi Entropy with Packet Drop (REPD) where packets drop method is used for the purpose of mitigation. The information distance metric has been used to evaluate the fluctuation of network traffic with various probability distributions. Also, an extensive simulation has been carried out on the synthetic data to improve the performance in terms of detection time and accuracy. It was observed that the attained results outperformed the Shannon Entropy (SE), Generalized Entropy, and other statistical distance metrics.

LRDDoS Attack Detection on SD-IoT Using Random Forest with Logistic Regression Coefficient

Software Defined Internet of Things (SD-IoT) is currently developed extensively. The architecture of the Software Defined Network (SDN) allows Internet of Things (IoT) networks to separate control and data delivery areas into different abstraction layers. However, Low-Rate Distributed Denial of Service (LRDDoS) attacks are a major problem in SD-IoT networks, because they can overwhelm centralized control systems or controllers. Therefore, a system is needed that can identify and detect these attacks comprehensively. In this paper, the authors built an LRDDoS detection system using the Random Forest (RF) algorithm as the classification method. The dataset used during the experiment was considered as a new dataset schema that had 21 features. The dataset was selected using feature importance - logistic regression with the aim of increasing the classification accuracy results as well as reducing the computational burden of the controller during the attack prediction process. The results of the RF classification with the LRDDoS packet delivery speed of 200 packets per second (pps) had the highest accuracy of 98.7%. The greater the delivery rates of the attack pattern, the accuracy results increased.&#x0D;

Dynamic Threshold-Based Approach to Detect Low-Rate DDoS Attacks on Software-Defined Networking Controller

The emergence of a new network architecture, known as Software Defined Networking (SDN), in the last two decades has overcome some drawbacks of traditional networks in terms of performance, scalability, reliability, security, and network management. However, the SDN is vulnerable to security threats that target its controller, such as low-rate Distributed Denial of Service (DDoS) attacks, The low-rate DDoS attack is one of the most prevalent attacks that poses a severe threat to SDN network security because the controller is a vital architecture component. Therefore, there is an urgent need to propose a detection approach for this type of attack with a high detection rate and low false-positive rates. Thus, this paper proposes an approach to detect low-rate DDoS attacks on the SDN controller by adapting a dynamic threshold. The proposed approach has been evaluated using four simulation scenarios covering a combination of low-rate DDoS attacks against the SDN controller involving (i) a single host attack targeting a single victim; (ii) a single host attack targeting multiple victims; (iii) multiple hosts attack targeting a single victim; and (iv) multiple hosts attack targeting multiple victims. The proposed approach’s average detection rates are 96.65%, 91.83%, 96.17%, and 95.33% for the above scenarios, respectively; and its average false-positive rates are 3.33%, 8.17%, 3.83%, and 4.67% for similar scenarios, respectively. The comparison between the proposed approach and two existing approaches showed that it outperformed them in both categories.

Low-rate DDoS attack Detection using Deep Learning for SDN-enabled IoT Networks

Software Defined Networks (SDN) can logically route traffic and utilize underutilized network resources, which has enabled the deployment of SDN-enabled Internet of Things (IoT) architecture in many industrial systems. SDN also removes bottlenecks and helps process IoT data efficiently without overloading the network. An SDN-based IoT in an evolving environment is vulnerable to various types of distributed denial of service (DDoS) attacks. Many research papers focus on high-rate DDoS attacks, while few address low-rate DDoS attacks in SDN-based IoT networks. There’s a need to enhance the accuracy of LDDoS attack detection in SDN-based IoT networks and OpenFlow communication channel. In this paper, we propose LDDoS attack detection approach based on deep learning (DL) model that consists of an activation function of the Long-Short Term Memory (LSTM) to detect different types of LDDoS attacks in IoT networks by analyzing the characteristic values of different types of LDDoS attacks and natural traffic, improve the accuracy of LDDoS attack detection, and reduce the malicious traffic flow. The experiment result shows that the model achieved an accuracy of 98.88%. In addition, the model has been tested and validated using benchmark Edge IIoTset dataset which consist of cyber security attacks.

DIAMOND: A Structured Coevolution Feature Optimization Method for LDDoS Detection in SDN-IoT

Software-defined networking for IoT (SDN-IoT) has become popular owing to its utility in smart applications. However, IoT devices are limited in computing resources, which makes them vulnerable to Low-rate Distributed Denial of Service (LDDoS). It is worth noting that LDDoS attacks are extremely stealthy and can evade the monitoring of traditional detection methods. Therefore, how to choose the optimal features to improve the detection performance of LDDoS attack detection methods is a key problem. In this paper, we propose DIAMOND, a structured coevolution feature optimization method for LDDoS detection in SDN-IoT. DIAMOND is consisted of a reachable count sorting clustering algorithm, a group structuring method, a comutation strategy, and a cocrossover strategy. By analysing the information of SDN-IoT network features in the solution space, the relationship between different SDN-IoT network features and the optimal solution is explored in DIAMOND. Then, the individuals with associated SDN-IoT network features are divided into different subpopulations, and a structural tree is generated. Further, multiple structural trees evolve in concert with each other. The evaluation results show that DIAMOND can effectively select optimal low-dimension feature sets and improve the performance of the LDDoS detection method, in terms of detection precision and response time.

Can Wavelet Transform Detect LDDoS Abnormal Traffic in Multipath TCP Transmission System?

With the rapid development of mobile Internet technology and multihost terminal devices, multipath transmission protocol has been widely concerned. Among them, multipath TCP (MPTCP) has become a hot research protocol in recent years because of its good transmission performance and Internet compatibility. Due to the increasing power of Low-Rate Distributed Denial of Service (LDDoS) attack, the network security situation is becoming increasingly serious. The robustness of MPTCP network has become an urgent performance index to improve. Therefore, it is very necessary to detect LDDoS abnormal traffic timely and effectively in the transmission system based on MPTCP. This paper tries to use wavelet transform technology to decompose and reconstruct network traffic and find a detection method of LDDoS abnormal traffic in the MPTCP transmission system. The experimental results show that in the MPTCP transmission system, the signal processing technology based on wavelet transform can realize the identification of LDDoS abnormal traffic. It indicates a direction worth further exploration for the detection and defense of the LDDoS attack.

On the Detection of Low-Rate Denial of Service Attacks at Transport and Application Layers

Distributed denial of service (DDoS) attacks aim to deplete the network bandwidth and computing resources of targeted victims. Low-rate DDoS attacks exploit protocol features such as the transmission control protocol (TCP) three-way handshake mechanism for connection establishment and the TCP congestion-control induced backoffs to attack at a much lower rate and still effectively bring down the targeted network and computer systems. Most of the statistical and machine/deep learning-based detection methods proposed in the literature require keeping track of packets by flows and have high processing overheads for feature extraction. This paper presents a novel two-stage model that uses Long Short-Term Memory (LSTM) and Random Forest (RF) to detect the presence of attack flows in a group of flows. This model has a very low data processing overhead; it uses only two features and does not require keeping track of packets by flows, making it suitable for continuous monitoring of network traffic and on-the-fly detection. The paper also presents an LSTM Autoencoder to detect individual attack flows with high detection accuracy using only two features. Additionally, the paper presents an analysis of a support vector machine (SVM) model that detects attack flows in slices of network traffic collected for short durations. The low-rate attack dataset used in this study is made available to the research community through GitHub.

Extracting Low-Rate DDoS Attack Characteristics: The Case of Multipath TCP-Based Communication Networks

The multipath TCP (MPTCP) enables multihomed mobile devices to realize multipath parallel transmission, which greatly improves the transmission performance of the mobile communication network. With the rapid development of all kinds of emerging technologies, network attacks have shown a trend of development with many types and rapid updates. Among them, low-rate distributed denial of service (LDDoS) attacks are considered to be one of the most threatening issues in the field of network security. In view of the current research status, by using the network simulation software NS2, this paper first compares and analyzes the throughput and delay performance of the MPTCP transmission system under LDDoS attacks and, further, conducts simulation experiments and analysis on the queue occupancy rate of the LDDoS attack flow to extract the basic attack characteristics of the LDDoS attacks. The experimental results show that the LDDoS attacks will have a major destructive effect on the throughput performance and delay performance of the MPTCP transmission system, resulting in a decrease in the robustness of the transmission system. By analyzing and comparing the occupancy rate of the LDDoS attack flow in the MPTCP transmission system, it can be concluded that (1) the occupancy rate of the LDDoS scattered pulse traffic sent by each puppet machine changes slightly, and (2) the occupancy rate of LDDoS attack data flow is much greater than that of ordinary TCP data flow.

I-CIFA: An improved collusive interest flooding attack in named data networking

Named Data Network (NDN) as a new network architecture, in recent years become a hot research, its security has been widespread concern. With the continuous updating of distributed denial of service (DDoS) attack methods in NDN networks, this article designs a new type of attack, called the Improved Collusive Flooding Attack (I-CIFA). I-CIFA attack combines the advantages of mainstream DDoS attack in NDN network, and is an attack method generated by low-rate DDoS attack and the cooperation of collusive producer. On the basis of the existing DDoS attack, the I-CIFA attack further improves the ability to destroy the network and the ability to resist the existing defense scheme. I-CIFA is designed on the basis of CIFA by improving the attack nodes and so on. In addition to redefining and configuring the attack parameters, improvements were also made in two aspects. First, the probing mode to probe the pending interest table (PIT) capacity of the routing nodes was added before attack started. Second, the way in which each attacker requests a packet from the collusive producer in each attack cycle has been further improved. Test results show that I-CIFA can cause 87.5% of the legitimate interest packets in the whole network to be discarded, and it is not only has a strong attack range on the network, but it is also difficult to be detected by existing CIFA-countermeasures.