Detection And Mitigation Of Interest Flooding Attacks In Information Centric Networks

Information-Centric Networking(ICN)is believed to be one of the most promising technologies in the next-generation network.The contentcentric design of ICN overcomes many difficulties in the traditional network architecture as well as meets the needs of future networks for efficiency,mobility and security.Among the various implementations of ICN,Named Data Networking(NDN)is most representative.Despite of these advantages,new security issues arise in ICN.The interest flooding attack is one of them.It is a typical kind of denial-of-service attack in named data networks.It is easy to deploy and difficult to detect and mitigate.In this paper,two methods are proposed to detect and mitigate this attack.Firstly,we use Tsallis entropy to describe the confusion of the name distribution requested.Mutation detection algorithms are then used to detect the attack.Besides,we introduce a controller to the network so that the detection and mitigation can be realized from a more global aspect.Simulation experiments are conducted using ndn SIM,a popular NDN simulator.Both the effectiveness and limitations of the two methods are analyzed.The results demonstrate that both methods are efficient under a stable network situation and a high attacking rate.The controller-based method shows higher stability under more complicated scenarios.