| As a kind of typical information centric networking, content centric networking(CCN) is an emerging paradigm to replace IP-based internet, which takes content name as the core of network instead of IP adress, could realize efficient distribution of contents. But the new characterisitic of universal cache in CCN brings new security threats, especially cache pollution attack. However, due to the great diffierences between the existing TCP/IP Interest and CCN, current security solutions are not appropriate for cache pollution attack in CCN. The reasons are as follows: Firstly, the traditional definition methods can’t accurately describe cache pollution attacks in CCN. Secondly, the defects in description of the attack led to the detection algorithms designed on the basis of which can only response to a narrow scope of attacks, Lastly, The existing defense mechanism often focus on the design of attack detection algorithms, but ignores the influence of caching strategies.Therefore, this dissertation is devoted to researching on cache pollution attacks in CCN.Based on the detailed analysis of operation mechanism and communication process in CCN, this dissertation gives a thorough analysis of cache pollution attack in CCN. Then the study is carried out in three aspects, namely, quantitative description of attack, design of detection algorithm and defense mechanism. The main achievements of this dissertation are as follows:1. A cache state model of node under attack is built, in which the cache pollution attack in were quantitatively described by three parameters, namely number of pollution contents, distribution of attack requests and attack intensity. Then the reside probability of pollution contents and the hit ratio of interest packets are calculated by the model, finally the different characteristics of attacks with different parameters were analysed, which2. The attack detection princip le based on node state model is put forwarded,which is benefited from the analysis of key parameters of cache node, correspondingly, two attack detection algorithms were instantiated with the observation parameters of cache replacement ratio and request arrival rate. The simulation results show that the proposed algorithms can obtain good detection performance each under decentralized attack and centralized attack.3. A cache pollution attack defense scheme based on cache diversification is proposed. To reduce the attack scope, different cache strategies were used for diffrernt in- network contents. Then different defense method were configured on different nodes, for the edge nodes, attack was detected by observing the request probability variation of different contents, for the upstream nodes, contents with low request rate will be ruled out from the cache space by setting filter rules. The simulation results show that the network average hit ratio is remarkably higher under service diversification mechanism than which under CCN traditional caching strategies. |
PDF Full Text Request