Research On Interest Flooding Attack Defense Technology In Content-Centric Networking

With the development of the Internet,the proportion of video traffic is increasing.The limitations and problems of the TCP/IP network structure based on the Host-to-Host communication mode are gradually exposed.In order to solve many problems exposed by the Internet today,many research institutions have begun to explore the future network of the new architecture.Content-Centric Networking(CCN)is one of the most representative ones.CCN naming data and setting Content Store(CS)throughout the router,this architecture is more able to meet the needs of users more concerned with the data itself than the location of the data.And CCN has considered security at the beginning of design.The structure of CCN router can solve most threats such as source address forgery and specific host flood attacks in traditional IP networks.However,CCN's this new architecture also brings new security threats.The biggest security threat to CCN is the Interest Flooding Attack(IFA).The IFA utilizes the feature that the router in the CCN needs to maintain the interest packet forwarding state.By flooding a large number of interest packets with malicious content names,it tries to fill some storage space,so that the router refuses to serve the interest packets sent by normal users.The IFA has the characteristics of easy launch and cause enormous hazards,how to defend against IFA is a hot issue in CCN.So far,the problem has not been solved completely.The main research work of this thesis includes:1.This thesis reviews the research status of the CCN IFA defense technology at home and abroad,analyzes and summarizes the advantages and problems of various defense technologies,compares CCN with TCP/IP network,and summarizes the unique features of CCN.The data interaction process in CCN and the principle of IFA are introduced,and the possible research directions in the future are discussed.2.In order to solve the problem of slow response time of CCN in the face of IFA,a new technique for detecting malicious content name prefix in interest packets is proposed.By letting these routers construct a special bit data packet to reply to the error interest packet,the malicious content name prefix can be notified to the network.This thesis improves the Additive Increase Multi-plicative Decrease(AIMD)algorithm.In order to explain the flow of the improved algorithm in detail,pseudo code is given to describe it,and the feasibility and security analysis of the improved IFA defense technology are carried out.3.The CCNCheck signature verification technology is researched and improved.The inadequacies of the algorithm formula of the control node signature verification probability in CCNCheck are analyzed in detail.The algorithm formula is improved by using node data traffic.A comparative experiment on the Pycharm IDE was designed and the experimental results were analyzed.The innovations of this thesis includes:1.A malicious prefix source tracing technique is proposed.According to the principle of CCN flow balance,the malicious content name prefix is detected by using CCN's own characteristics.The security analysis shows that the proposed technique can defend faster.Compared with other defense techniques,this technique reduces the computational cost of the CCN router when detecting IFA under the premise of ensuring security.2.An improved AIMD malicious interest packet forwarding suppression technique is proposed,which defends IFA by limiting the forwarding rate of malicious interest packets.The security analysis shows that the improved technology can better cooperate with the malicious prefix trace back technology to defend the IFA without putting an additional burden on the router.3.Improve the CCNCheck signature verification technology.The problem of verifying the signature of the core node with a fixed probability in the CCNCheck mechanism will affect the performance of the network.Experiments show that the improved technology can adaptively adjust the variation range of the signature verification probability according to the busyness of the node.The analysis of the experimental results shows that the technology can also defend against IFA attacks by addition the signature verification of interest packets.