Named Data Networking (NDN), a content-centric network architecture, completes data communication through a stateful forwarding mechanism: each router records a forwarded Interest packet in its Pending Interest Table (PIT) until the matching Data packet returns or the entry expires. Malicious users can exploit this by generating a large volume of Interest traffic, which misuses network resources, degrades network performance, and leaves the requests of normal users unsatisfied. This attack is called the Interest flooding attack (IFA). The traffic generated in an IFA carries no source information, and because the behaviors of malicious users are diverse, existing defense strategies do not fully account for how the attack pattern is concealed and cannot effectively restrict malicious users. This dissertation divides the attack behaviors of malicious users into three categories: fake Interest packets with variable prefixes, fake Interest packets with a fixed prefix, and real Interest packets. Taking the temporal characteristics of network traffic as the starting point, the traffic under each attack behavior is analyzed to identify probable malicious users and resist the IFA. The main work of this dissertation is as follows:

1. A detection mechanism for the variable-prefix fake-Interest flooding attack based on a Hidden Markov Model and fuzzy logic

In the variable-prefix fake-Interest flooding attack, malicious users hide their behavior by continually changing the Interest name prefix. Existing detection methods divide time into cycles and analyze the relationship between a user's traffic and each time cycle to decide whether the user is malicious. However, these methods ignore the temporal continuity of traffic and describe user behavior with the traffic characteristics of a single cycle only, so a malicious user is easily confused with a normal user who happens to behave abnormally in one cycle. By combining user behavior over multiple time periods, a sliding time window captures the user's sequence of behaviors, and superimposing the judgments of multiple time cycles can identify ambiguous user behavior. Because fuzzy logic is well suited to descriptions with unclear boundaries and the Hidden Markov Model is suited to time series, this dissertation combines the two to detect malicious users over a sliding window. Simulation results show that under the tree topology and the AS1775 topology, compared with a defense strategy that does not consider temporal continuity, the proposed defense strategy reduces user request delay by 30%, brings the users' Interest satisfaction ratio closer to the network's performance without attack, and reduces the consumption of router storage resources.

2. A detection mechanism for the fixed-prefix fake-Interest flooding attack based on an attention mechanism and a Long Short-Term Memory (LSTM) model

In the fixed-prefix fake-Interest flooding attack, the network traffic fluctuates over time under the influence of the NDN caching strategy. Detecting the attack with a sliding window composed of multiple time cycles produces misjudgments when the malicious traffic shows only small changes over time. Because an LSTM model can mine the temporal relationships of a time series and an attention mechanism can reflect the differences between time steps, the LSTM is combined with attention inside the sliding window to accumulate and amplify small changes within the window, so that malicious traffic can be detected even when the traffic is uncertain. Simulation results show that the accuracy of the proposed attention-based LSTM detection mechanism is better than that of an LSTM detection mechanism that also uses multiple time cycles but no attention, with accuracy increased by 4%; compared with a support vector machine detection mechanism that uses only a single time period, the accuracy of the proposed method is also higher. Compared with the defense strategy based on Expired-PIT, the defense strategy built on this detection mechanism reduces router resource consumption and user request delay and improves the users' Interest satisfaction ratio.

3. A defense strategy against real-Interest flooding based on the Local Outlier Factor algorithm

In the real-Interest flooding attack, the change in malicious traffic relative to normal traffic is very small and the attack is more concealed. Therefore, building on attack detection over a time window of network traffic, the spatial characteristics of the traffic are also considered: the traffic of the same period is decomposed into sub-flows (one per name prefix), and the change in each sub-flow is monitored so that the change is amplified. Existing detection methods ignore the contribution of individual sub-flows to network changes and measure only the change in aggregate traffic, so when a sub-flow changes while the aggregate traffic changes little, they cannot accurately measure the change. The Local Outlier Factor algorithm can mine abnormal data from the local density of the data, so this dissertation uses it to judge abnormal sub-flows within the time window and thereby identify the malicious name prefixes. Simulation results show that under the tree topology and the DFN topology, the detection accuracy of the Local Outlier Factor based mechanism is better than that of the Gini impurity based detection mechanism, with accuracy increased by 10%. This defense strategy effectively reduces the waste of router resources, reduces user request delay, and achieves a higher Interest satisfaction ratio for users.
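The following Python example is added here to illustrate work item 1 (sliding window, fuzzy logic, Hidden Markov Model); it is not the dissertation's code. Each time cycle yields one observation per user (here the ratio of that user's Interests that expired unsatisfied in the PIT, a constructed trace); triangular fuzzy membership functions map it to a LOW/MID/HIGH symbol, and a two-state HMM (NORMAL/MALICIOUS) is decoded with Viterbi over a window of 5 cycles. The membership breakpoints, the HMM start, transition and emission probabilities, and the choice of taking the dominant fuzzy set as the HMM symbol are all assumptions for illustration; the dissertation gives none of these values. The single-cycle baseline alongside it shows why temporal continuity matters: one accidental bad cycle of a normal user trips the baseline but not the windowed HMM.

```python
"""Sliding-window HMM + fuzzy-logic IFA detector (illustrative, not the dissertation's code)."""
from math import log

# Hidden states of the HMM and the fuzzy observation symbols.
NORMAL, MALICIOUS = 0, 1
LOW, MID, HIGH = 0, 1, 2

# Assumed HMM parameters (hypothetical; a real deployment would fit them to traces).
START = [0.9, 0.1]                 # P(state at first cycle of the window)
TRANS = [[0.85, 0.15],             # NORMAL    -> NORMAL, MALICIOUS
         [0.10, 0.90]]             # MALICIOUS -> NORMAL, MALICIOUS
EMIT = [[0.70, 0.25, 0.05],        # P(LOW/MID/HIGH | NORMAL)
        [0.05, 0.25, 0.70]]        # P(LOW/MID/HIGH | MALICIOUS)

# Constructed per-cycle unsatisfied-Interest ratios for two users (8 cycles each).
NORMAL_USER = [0.05, 0.10, 0.08, 0.90, 0.10, 0.07, 0.12, 0.09]   # one accidental bad cycle
ATTACKER = [0.05, 0.10, 0.85, 0.90, 0.95, 0.88, 0.92, 0.90]      # sustained fake Interests


def fuzzy_level(unsat_ratio: float) -> int:
    """Triangular membership functions (assumed breakpoints); return the dominant set."""
    low = max(0.0, 1.0 - unsat_ratio / 0.4)            # 1 at 0.0, fades out by 0.4
    mid = max(0.0, 1.0 - abs(unsat_ratio - 0.5) / 0.3)  # peak at 0.5, zero outside 0.2..0.8
    high = max(0.0, (unsat_ratio - 0.6) / 0.4)           # rises from 0.6 to 1 at 1.0
    return max(range(3), key=lambda i: (low, mid, high)[i])


def viterbi(symbols):
    """Most likely hidden-state path for one window of symbols (log domain)."""
    n = len(START)
    dp = [[log(START[s]) + log(EMIT[s][symbols[0]]) for s in range(n)]]
    back = []
    for obs in symbols[1:]:
        prev, row, ptr = dp[-1], [], []
        for s in range(n):
            best = max(range(n), key=lambda p: prev[p] + log(TRANS[p][s]))
            row.append(prev[best] + log(TRANS[best][s]) + log(EMIT[s][obs]))
            ptr.append(best)
        dp.append(row)
        back.append(ptr)
    path = [max(range(n), key=lambda s: dp[-1][s])]
    for ptr in reversed(back):          # follow back-pointers from the last cycle
        path.append(ptr[path[-1]])
    return path[::-1]


def classify_user(unsat_ratios, window: int = 5):
    """Slide a window over the cycles; flag the user when the decoded path ends in
    MALICIOUS. One verdict per window position (cycles window-1 .. end)."""
    verdicts = []
    for end in range(window, len(unsat_ratios) + 1):
        symbols = [fuzzy_level(r) for r in unsat_ratios[end - window:end]]
        verdicts.append(viterbi(symbols)[-1] == MALICIOUS)
    return verdicts


def single_cycle_verdicts(unsat_ratios):
    """Baseline with no temporal continuity: judge each cycle on its own."""
    return [fuzzy_level(r) == HIGH for r in unsat_ratios]


if __name__ == "__main__":
    for name, trace in (("normal user", NORMAL_USER), ("attacker", ATTACKER)):
        print(f"{name:12s} single-cycle: {single_cycle_verdicts(trace)}")
        print(f"{name:12s} HMM window : {classify_user(trace)}")
```

With these parameters the normal user's isolated bad cycle is absorbed by the window (all four windowed verdicts are negative), while the attacker is flagged at every window position once the sustained HIGH symbols dominate the path.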
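The following Python example is added to illustrate work item 3 (sub-flow decomposition and Local Outlier Factor detection of real-Interest flooding); it is not the dissertation's code. The window of per-prefix Interest counts is constructed: five prefixes fluctuate by a few percent while one prefix that serves real content is requested at a steadily rising rate, so the aggregate grows only about 8% while that sub-flow triples. The feature vector per sub-flow (growth over the window, range relative to the first cycle), the neighbourhood size k=2 and the LOF threshold of 2.0 are assumptions chosen for illustration; the LOF computation itself follows the standard definition (k-distance, reachability distance, local reachability density, LOF ratio).

```python
"""LOF over per-prefix sub-flows in a time window (illustrative, not the dissertation's code)."""
from math import dist

# Constructed window: Interest counts per name prefix over 4 consecutive cycles.
# The last prefix is the one a real-Interest flooder keeps requesting (content exists,
# so Data comes back and the satisfaction ratio stays high).
WINDOW = {
    "/news":       [100, 102, 101, 103],
    "/video":      [200, 196, 204, 200],
    "/edu":        [50, 49, 51, 49],
    "/music":      [80, 82, 80, 78],
    "/photos":     [60, 61, 62, 63],
    "/video/live": [20, 30, 45, 60],   # sub-flow triples; aggregate grows only ~8%
}


def aggregate_change(window):
    """Relative change of the total Interest count between first and last cycle."""
    totals = [sum(cycle) for cycle in zip(*window.values())]
    return (totals[-1] - totals[0]) / totals[0]


def subflow_features(counts):
    """Assumed per-prefix features: (growth over the window, range relative to cycle 1)."""
    first, last = counts[0], counts[-1]
    return ((last - first) / first, (max(counts) - min(counts)) / first)


def local_outlier_factor(points, k=2):
    """Standard LOF for a dict name -> feature vector; returns name -> LOF score."""
    names = list(points)
    d = {(a, b): dist(points[a], points[b]) for a in names for b in names if a != b}
    neigh, kdist = {}, {}
    for a in names:
        ranked = sorted((b for b in names if b != a), key=lambda b: d[(a, b)])
        kdist[a] = d[(a, ranked[k - 1])]                       # distance to k-th neighbour
        neigh[a] = [b for b in ranked if d[(a, b)] <= kdist[a]]  # ties included, per definition

    def reach(a, b):                                            # reachability distance
        return max(kdist[b], d[(a, b)])

    # Local reachability density; the epsilon guards duplicate points (zero distance).
    lrd = {a: 1.0 / max(sum(reach(a, b) for b in neigh[a]) / len(neigh[a]), 1e-12)
           for a in names}
    return {a: (sum(lrd[b] for b in neigh[a]) / len(neigh[a])) / lrd[a] for a in names}


def detect_malicious_prefixes(window, k=2, threshold=2.0):
    """Decompose the window into sub-flows, score each with LOF, flag those above threshold."""
    feats = {name: subflow_features(counts) for name, counts in window.items()}
    scores = local_outlier_factor(feats, k)
    flagged = sorted(name for name, s in scores.items() if s > threshold)
    return flagged, scores


if __name__ == "__main__":
    flagged, scores = detect_malicious_prefixes(WINDOW)
    print(f"aggregate change over window: {aggregate_change(WINDOW):+.1%}")
    for name, s in sorted(scores.items(), key=lambda kv: -kv[1]):
        print(f"{name:12s} LOF={s:7.2f}")
    print("flagged prefixes:", flagged)
```

The aggregate-only view sees an 8% rise that a typical rate threshold would ignore, whereas the LOF scores of the steady prefixes stay near 1 and the rising sub-flow scores far above the threshold, which is the amplification effect the sub-flow decomposition is meant to provide.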