Detection And Countermeasure Of Interest Flooding Attacks In Named Data Networking

Posted on: 2020-05-11
Degree: Master
Type: Thesis
Country: China
Candidate: Y Li
GTID: 2428330596978774
Subject: Computer application technology

Abstract/Summary:
In recent years, with the diversification of network services and the continuous progress of technology, users have become more and more concerned with the data content itself and with the speed and security of data acquisition. The communication mode of the network has gradually evolved into content-centered information sharing, and the traditional IP network architecture has gradually failed to meet the needs of users. In this context, many scholars have begun to study the architecture of the next-generation network. Named Data Networking (NDN) is one of the representatives of next-generation network architecture; it routes on content names, which resemble uniform resource locators (URLs), in place of the IP addresses of the traditional network. Attackers leverage the NDN routing and forwarding mechanism to launch the interest packet flooding attack (IFA), which injects a large number of malicious interest packets into the network to consume network resources, so that the normal operation of the network is affected or even broken. This paper studies the detection and defense of IFA in NDN. The specific work is as follows:

This paper introduces the design principle, packet types, naming mechanism, and routing and forwarding process of the NDN architecture. The form and influence on NDN of IP-network DDoS attacks are analyzed, as well as the attack principle and modes of IFA in NDN. The characteristics of IFA are summarized as follows: a high packet rate, requests for nonexistent content name prefixes, and distributed attack.

In view of the IFA attack pattern and attack characteristics, several existing IFA detection and defense methods are analyzed in terms of detection granularity, monitoring indicators, and the advantages and disadvantages of each method.

An IFA detection method based on interface listening and prefix recognition is proposed to improve the sensitivity of attack detection and reduce the misjudgment rate of attacks. The main idea is to judge whether interface traffic is abnormal by listening to the interest packet satisfaction rate of the router interface and the occupation rate of the pending interest table (PIT), dynamically adjusting the threshold values of the IFA detection indicators to ensure sensitivity to attack behavior. At the same time, an overtime interest table is constructed to determine the name prefix under IFA attack, which reduces the misjudgment rate of the attack.

To address the problem that IFA defense methods limit the receiving rate of malicious and normal interest packets without distinction, which affects the data acquisition of normal users, an IFA mitigation method based on traffic restriction and neighbor notification is proposed. The main idea is to introduce a probability model of traffic limitation that limits the forwarding rate of interest packets containing malicious prefixes and reduces the impact on normal users' data acquisition under IFA. At the same time, routers can transmit detection information to each other by sending warning packets, so as to carry out coordinated defense against IFA.

Combining the IFA detection and defense methods proposed above, simulations are carried out in a tree topology and a network topology. The experimental results show that the proposed IFA detection method is sensitive in detecting IFA, and that the IFA defense method can effectively limit the forwarding speed of malicious interest packets, reduce the router's PIT occupancy rate, and increase the number of data packets that normal users receive. In addition, the IFA detection and defense methods proposed in this paper show good robustness under different network topologies.
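The detection idea summarized above, sketched as an added example (not code from the thesis): a per-interface monitor that checks the interest satisfaction rate and PIT occupancy against an adaptive threshold, then uses a table of timed-out interests to name the prefix under attack. The EWMA baseline used as the dynamic threshold, every numeric parameter, the two-component prefix depth, and the sample windows are assumptions constructed for this sketch.

```python
from collections import Counter
from dataclasses import dataclass

def prefix_of(name, depth=2):
    """Name prefix = first `depth` components (depth is an assumption)."""
    return "/" + "/".join(name.strip("/").split("/")[:depth])

@dataclass
class InterfaceMonitor:
    pit_capacity: int           # PIT slots available to this interface
    alpha: float = 0.2          # EWMA weight for the baseline (assumed)
    margin: float = 0.3         # tolerated drop below the baseline (assumed)
    occ_limit: float = 0.6      # PIT occupancy limit (assumed)
    prefix_share: float = 0.5   # share of timeouts marking a prefix (assumed)
    baseline: float = 1.0       # learned normal satisfaction rate

    def observe(self, interests_in, data_out, pit_entries, expired_names):
        """Evaluate one window; return (alarm, suspect_prefixes)."""
        rate = data_out / interests_in if interests_in else 1.0
        occupancy = pit_entries / self.pit_capacity
        alarm = rate < self.baseline - self.margin and occupancy > self.occ_limit
        if not alarm:
            # Update the threshold baseline only from windows judged normal.
            self.baseline = (1 - self.alpha) * self.baseline + self.alpha * rate
            return False, []
        # Timed-out interest table: expired interests counted per name prefix.
        timed_out = Counter(prefix_of(n) for n in expired_names)
        total = sum(timed_out.values())
        suspects = sorted(p for p, c in timed_out.items()
                          if c / total >= self.prefix_share) if total else []
        return True, suspects

def demo():
    """Run three constructed windows through one interface monitor."""
    windows = [  # (interests in, data out, PIT entries, expired interest names)
        (100, 96, 20, ["/news/cn/7"]),
        (120, 114, 24, []),
        (400, 110, 170, [f"/video/fake/{i}" for i in range(9)] + ["/news/cn/9"]),
    ]
    mon = InterfaceMonitor(pit_capacity=200)
    return [mon.observe(*w) for w in windows]

if __name__ == "__main__":
    for result in demo():
        print(result)
```

Requiring both indicators to trip before raising an alarm, and attributing the alarm to a prefix only when it dominates the timed-out table, is what keeps a single slow producer from being misjudged as an attack in this sketch.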
Keywords/Search Tags:Named Data Network, Interest Flooding Attack, Distributed Denial of Service