The Study Of Interest Flooding Attack In Content-Centric Networking

Content-Centric Networking(CCN)is one of the most promising architectures in the future Internet architecture cluster,although the new design of the CCN network architecture makes it possible to withstand most DDoS attacks on current TCP/IP networks.A new type of DDoS attack has been triggered,and the most dangerous and easy to launch is the Interest Flooding Attack(IFA).The existing attack defense scheme is mainly based on the abnormal state statistics of the pending interest table,ignoring the impact on the legitimate users.In view of the above situation,this paper aims to improve the attack detection accuracy and defense effect,and proposes two attack defense schemes.The research contents are as follows:Aiming at the problem that the existing attack defense scheme has misjudgment to legitimate users,and considering the difference between the burst stream and the attack stream,an attack defense scheme based on entropy rate is proposed.The specific steps of this scheme mainly include two steps.Firstly,using the randomness of the user requesting the content name in the CCN to detect the abnormal fluctuation of the network,and further calculating the entropy rate,thereby distinguishing the burst stream from the attack stream.Second,determining the network after the attack,the name prefix of the malicious interest packet is identified by the difference of the information entropy,and the notification packet containing the malicious name prefix information is sent to the neighboring node,thereby,performing collaborative defense.The simulation results show that the proposed scheme can distinguish the legal flow from the attack flow on the premise of detecting the attack as early as possible,and quickly suppress the forwarding of malicious interest packets,thus effectively reducing the impact of the attack on the network.Ignoring the low-rate attack form for the existing attack defense scheme will have a serious impact on the content center network.An attack defense scheme based on the Sibson distance is proposed.The specific steps of this scheme mainly include two steps.Firstly,using information entropy to detect abnormal fluctuations of the network.If the network is abnormal,determine whether there is an interest packet flooding attack in the network by calculating the value of the Sibson distance.Second,determine the network after the attack.Then,the malicious name prefix is further identified by the difference of the Sibson distance,and the notification packet containing the malicious name prefix is sent to the neighboring node for attack defense.The simulation results show that compared with the traditional defense method,this scheme has obvious advantages in attack detection accuracy and defense effect.