Research On Defense Strategy Of Non-secure Named Data Network

As a new kind of network architecture, Named Data Networking is a hot topic in the research of next generation network. Different from traditional TCP/IP network, NDN is a content-centric network, which achieve the nearest content acquisition through distributed content storage. The new kind of network architecture fundamentally solves four problems of TCP/IP network:(a)The exhaustion of IP address;(b)The inner network penetration;(c)The mobility;(d)The management of extensible address. However, NDN also faces a number of security threats as traditional networks. When the request data(Interest packet) come from illegal users, the PIT may be occupied illegally and then resulting to interest flooding attack.In this case, it may result in packet losing, decreasing of hit rate and finally increasing data acquisition latency. In addition, unreliable data resources may further aggravate packet losing and decreasing of hit rate. To ensure the performance of NDN in the above unsafe environment, the paper emphasize on the following two aspects.Research on data forwarding strategy. According to the non-secure factors in NDN, this paper put forward the concept of node reliability and evaluate the node reliability through the loss rate of the interest of node and the analysis two main factors, including user authenticity and data source authenticity. On the basis of node reliability, this paper divide optional next-hop node into two groups, reliable and unreliable group, then design the distribution ratio adjustment of interface data and finally propose a strategy called Probability Forward Strategy based on Reliability. The simulation results show that, comparing with random forwarding strategy, the proposed strategy can protect overall network performance better.Research on upstream limitation defense mechanism of interface. Although the PFSR strategy can improve the network performance in the non-secure environment by scheduling the forwarding traffic in the network, it is not a kind of counter mechanism in essence. Along with the increase of malicious requests and the deterioration of the network environment, the PFSR strategy becomes unable to maintain the normal operation of the network. To deal with the problem, we propose Upstream Limitation Mechanism based on Face Satisfaction. On the deployment of PFSR strategy, the ULM-FS mechanism further restrict the rate of forwarding malicious interest and reduce the number of forwarding malicious interest of output interfaceso that the network performance can be improved fundamentally.