Research On The Countermeasure Of Interest Flooding Attack In Named Data Networking

Named Data Networking (NDN) is a new emerging architecture for future network, which may be a substitute of the current TCP/IP based network, for the content-oriented data request mode becoming the future trend of development. As an implementation of next generation Internet architecture, the security of NDN has attracted much attention. Though NDN is immune to most current attack, it cannot resist the DDoS-like attack-Interest Flooding Attack (IFA)-effectively. IFA takes advantages of the forwarding mechanism of NDN, flooding a large number of malicious Interest packets at quite a high rate, and exploits the network resources, which may cause the paralysis of the network.Taking into account the severity of the destruction, we have done the following work:(1) We described the attack mode of IFA in NDN, analyzed the principle of the attack, introduced the potential impact of the attack and then presented three characteristics of IFA through the inductive analysis. The detection principles of current several IFA defense schemes have been discussed with these three characteristics, and the essence of the monitoring quantitative index of each scheme has been mapped with the corresponding characteristic.(2) The distributed monitoring mechanism is proposed to attach the NDN node identifier to the Interest packets so that the distributed characteristic can be easily monitored.(3) Three quantitative indexes are proposed to depict the IFA characteristics separately. And the normalized indexes are matched to the three corresponding dimensions of the space vector model. The distance of the vector describes the chances that the Interest packet is malicious. Also, the time-varying Markov model is established to depict the state transition of the Interest packet which is transmitted from one NDN node to another. Moreover, the corresponding packet forwarding logic which is based on the space vector model and the time-varying Markov mode is proposed, realizing the cooperation between NDN nodes.(4) Considering that some normal Interest packets may be discarded as malicious packets due to misjudgment during the defense period, the retransmission forwarding mechanism is proposed, which can mark the state of the retransmission Interest packet as "normal".(5) The small scale tree topology and large scale topology are used to simulate the proposed IFA defense scheme in order to verify the effectiveness and the feasibility. PIT occupancy rate and Interest satisfaction rate are used as the evluation indicators in the simulation.