
Research On Countermeasures For Interest Flooding Attacks In Content-Centric Network

Posted on: 2015-08-26
Degree: Doctor
Type: Dissertation
Country: China
Candidate: K Wang
GTID: 1488304310496264
Subject: Communication and Information System
ABSTRACT: With the rapid development of information technology and the continuous growth of new types of applications, the communication paradigm of the Internet has shifted from connections between hosts to content-centric distribution and retrieval in huge amounts, which has led to the emergence of Content Centric Networking (CCN). Compared to today's Internet architecture, CCN performs content distribution, forwarding and retrieval based only on the content name instead of the IP address, which protects the location and identity information of the host and thus achieves better security. However, some attacks can still harm CCN. For example, CCN may suffer from Interest Flooding Attacks (IFA), which are easy to launch and can cause huge damage to CCN. This paper mainly focuses on two types of IFA, the Interest Flooding Attack with Fake Interests (IFA-F) and the Interest Flooding Attack with Real Interests (IFA-R), and studies their corresponding countermeasures. The main contributions of this paper are as follows:

1) An analytical model for IFA-F is proposed, which evaluates the damage of IFA-F by the probability that Interest packets are denied by the network (the Interest-dropping probability). Based on the proposed model, the influence of the key parameters of CCN (e.g., content popularity, caching size of the CCN router, and the size and Time-To-Live of the Pending Interest Table) on the damage effect of IFA-F is analyzed, and the corresponding simulations are performed. Simulation results show that IFA-F can harm CCN by causing an abnormal Interest-dropping probability. Meanwhile, different settings of the network parameters can significantly affect the damage effect of IFA-F.

2) To counter IFA-F in a simple way, the Router-based-Filter is proposed. It identifies the malicious name prefix that belongs to the malicious Interest packets of IFA-F by monitoring the Pending Interest Table (PIT) in each router, and then limits the rate of the Interest packets that carry the malicious name prefix, to mitigate the consumption by IFA-F of the router's memory resource for the PIT. The performance evaluations show that the Router-based-Filter can successfully detect IFA-F and effectively limit the incoming rate of malicious Interest packets. That is, the number of malicious Interest packets from IFA-F that can enter CCN is decreased, so the consumption of the memory resource of each involved router is decreased, and the routers can still perform packet forwarding even when suffering IFA-F.

3) To counter IFA-F more effectively, the Cooperative-Filter is proposed, which counters IFA-F based on fuzzy logic as well as cooperation between routers, and can be used in networks that need a high security level. Specifically, it detects IFA-F in each router with fuzzy logic modules, and then pushes alert messages back downstream to the edge routers through cooperation between routers, to limit the incoming rate of malicious Interest packets. Moreover, the results of simulations based on a realistic network topology and user behavior model show that the proposed Cooperative-Filter can decrease the PIT consumption rate in each involved router, increase the Interest satisfaction rate, and decrease the content retrieval delay.

4) After analyzing the security performance of the current forwarding strategies in CCN, a secure Interest/Data forwarding method is proposed. It mitigates IFA-F by directly decoupling malicious Interests from the PIT of each router, and by designing a packet marking mechanism that lets Data packets be forwarded to consumers without the help of the PIT, to mitigate the consumption by IFA-F of the router's memory resource for the PIT. Simulation results demonstrate that the proposed method performs better at decreasing the consumption by IFA-F of the router's memory resource than the rate-limiting mechanism, and significantly improves the ability of CCN to counter IFA-F.

5) To counter IFA-R, a double-threshold detecting method is proposed. It detects IFA-R by identifying abnormal traffic in each router, based on the threshold for the expired Interest entries in the PIT of each router, as well as the traffic threshold for each interface. Simulation results show that the proposed double-threshold detecting method can quickly detect IFA-R and successfully identify the interfaces through which malicious Interest packets travel.
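An illustration of the double-threshold idea in contribution 5, added here and not taken from the dissertation. The event format, the fixed time windows, the threshold values and the rule that both thresholds must be exceeded in the same window are assumptions, and the event log is constructed.

```python
from collections import Counter
from dataclasses import dataclass

@dataclass(frozen=True)
class PitEvent:            # hypothetical record a router could log per PIT change
    t_ms: int              # time of the event in milliseconds
    iface: int             # interface the Interest arrived on
    name: str              # content name carried by the Interest
    kind: str              # "interest" = PIT entry created, "expired" = entry timed out

def detect_ifa(events, window_ms, expired_threshold, traffic_threshold):
    """Return {window_index: [suspect interfaces]} (assumed combination rule).

    Threshold 1 is router-wide: expired PIT entries in the window.
    Threshold 2 is per interface: Interests received in the same window.
    """
    expired, traffic = Counter(), Counter()
    for e in events:
        w = e.t_ms // window_ms
        if e.kind == "expired":
            expired[w] += 1
        elif e.kind == "interest":
            traffic[(w, e.iface)] += 1
    alerts = {}
    for w, n_expired in expired.items():
        if n_expired <= expired_threshold:
            continue       # router not under abnormal PIT pressure in this window
        suspects = sorted(i for (ww, i), c in traffic.items()
                          if ww == w and c > traffic_threshold)
        if suspects:
            alerts[w] = suspects
    return alerts

def sample_events():
    """Constructed log: interfaces 1 and 2 behave normally, interface 3 floods."""
    ev = []
    for k in range(3):     # three one-second windows of ordinary requests
        ev += [PitEvent(1000 * k + 100 * j, 1, f"/video/seg{j}", "interest") for j in range(3)]
        ev += [PitEvent(1000 * k + 200 * j, 2, f"/news/p{j}", "interest") for j in range(2)]
    for j in range(40):    # interface 3 sends 20 Interests per second from t = 1 s
        ev.append(PitEvent(1000 + 50 * j, 3, f"/site/obj{j}", "interest"))
    for j in range(15):    # its unsatisfied entries start expiring at t = 2 s
        ev.append(PitEvent(2000 + 50 * j, 3, f"/site/obj{j}", "expired"))
    return ev

if __name__ == "__main__":
    print(detect_ifa(sample_events(), 1000, expired_threshold=10, traffic_threshold=10))
```

In the constructed log, window 1 already shows heavy traffic on interface 3 but raises no alert, because no PIT entries have expired yet; the alert appears in window 2 once both thresholds are exceeded.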
Keywords/Search Tags: Content-Centric Network, Interest Flooding Attacks, Interest-dropping probability, Router-based rate limiter, Cooperation between routers, Packet forwarding strategy