Cooperative detection and protection for Interest flooding attacks in named data networking

摘要

Named data networking (NDN) is a new emerging architecture for future network, which may be a substitute of the current TCP/IP-based network, for the content-oriented data request mode becoming the future trend of development. The security of NDN has attracted much attention, as an implementation of next-generation Internet architecture. Although NDN is immune to most current attack, it cannot resist the distributed denial of service like attack – Interest flooding attack (IFA) – effectively. IFA takes advantages of the forwarding mechanism of NDN, flooding a large number of malicious Interest packets at quite a high rate, and exploits the network resources, which may cause the paralysis of the network. Taking into account the severity of the destruction, we propose an algorithm to counter such new type of attack. We analyze three properties of IFA, and use them to judge and filter Interest packets. Vector space model and Markov model are used in our method to realize a cooperative detection. Meanwhile, we present the retransmission forwarding mechanism to ensure legitimate user request. The ndnSIM module of ns3 is used for the corresponding simulation, and results of the simulation will be given to show the effectiveness of our algorithm. Copyright © 2014 John Wiley & Sons, Ltd.