
Detection And Mitigation Of Interest Flooding Attack In Named Data Networking

Posted on: 2021-05-14
Degree: Master
Type: Thesis
Country: China
Candidate: L X Zhao
GTID: 2518306476453434
Subject: Cyberspace security
Abstract/Summary:
With the rapid development of network technology and the continuous growth of new types of applications, the communication paradigm of the Internet has gradually shifted from resource sharing between hosts to content distribution and retrieval. The current host-centric TCP/IP network encounters more and more problems in areas such as content distribution, mobility and network security. To solve these problems fundamentally, researchers have proposed many next-generation network architectures, among which NDN (Named Data Networking) has attracted wide attention since it was proposed and is considered one of the most promising. Although NDN is designed to be resilient to most existing DDoS attacks in the current TCP/IP network, it is subject to new kinds of NDN-specific DDoS attacks, such as the Interest Flooding Attack (IFA), which is very easy to launch and can cause great damage to the network. At present, most existing mechanisms against IFA focus on the high-rate attack scenario and may not be able to defend against a more sophisticated IFA. Moreover, most existing mechanisms fail to detect the attack in a timely manner, cannot locate attack sources after an attack is detected, and may also throttle requests from legitimate consumers when taking defensive measures. To address the problems above, this thesis proposes a mechanism with a central controller to detect and mitigate a more sophisticated IFA from the network-wide view. The main contents of this thesis are as follows:

(1) A more sophisticated IFA scenario is proposed. After summarizing and analyzing the typical high-rate IFA scenario and the existing mechanisms against IFA, we propose a more sophisticated IFA scenario, referred to as SIFA, based on the pitfalls of the existing mechanisms, and explore the characteristics of SIFA. In a SIFA, attackers control the attack speed to keep the changes in router statistics between two consecutive time intervals very slight, making it more difficult for existing mechanisms, which focus on the high-rate IFA scenario, to detect the attack at its early stage.

(2) A mechanism against SIFA is proposed. Considering the characteristics of SIFA, and to avoid the problems of existing mechanisms such as high detection latency, difficulty in locating attackers and damage to legitimate requests, we propose a mechanism with a central controller to detect and mitigate SIFA from the network-wide view, dubbed DMNWV. DMNWV aims to detect the attack at its early stage, and then locate the attackers so that targeted measures can be taken at the source without throttling requests from legitimate consumers.

(3) Based on the proposed DMNWV, a prototype system to detect and mitigate SIFA is designed and implemented. In the prototype system, several kinds of NDN applications are implemented to perform the corresponding attack detection and mitigation operations respectively. The common services shared among these applications, such as the system namespace and security mechanism, are also provided. In addition, to make it convenient for users to learn how the prototype system works, a log system is implemented to display the attack-related information in each application in real time.
Keywords/Search Tags:named data networking, interest flooding attack, central controller, network-wide view, network security