Named-Data Networking (NDN) is a potential Future Internet Architectures which introduces a shift from the existing host-centric IP-based Internet infrastructure towards a content-oriented one. Its design, however, can be misused to introduce a new type of DoS attack, better known as Interest Flooding Attack (IFA). In IFA, an adversary issues non-satisfiable requests in the network to saturate the Pending Interest Table(s) (PIT) of NDN routers and prevent them from properly handling the legitimate traffic. Prior solutions to mitigate this problem are not highly effective, damages the legitimate traffic, and incurs high communication overhead. In this paper, we propose a novel mechanism for IFA detection and mitigation, aimed at reducing the memory consumption of the PIT by effectively reducing the malicious traffic that passes through each NDN router. In particular, our protocol exploits an effective management strategy on the PIT which differentially penalizes the malicious traffic by dropping both the inbound and already stored malicious traffic from the PIT. We implemented our proposed protocol on the open-source ndnSIM simulator and compared its effectiveness with the one achieved by the existing state-of-the-art. The results show that our proposed protocol effectively reduces the IFA damages, especially on the legitimate traffic, with improvements that go from 5% till 40% with respect to the existing state-of-the-art.
展开▼
