As a representative architecture of the future network, Named Data Networking (NDN) is content-centric and supports in-network caching. The cache can store the data passing through it to satisfy subsequent requests and achieve efficient content retrieval. However, in-network caching introduces security risks along with convenience. An attacker can pollute the cache by requesting near-useless content or by propagating forged data so that it resides in the cache. Current research on cache pollution mainly focuses on content popularity and signature verification. The former harms the interests of legitimate users. The latter incurs a high signature-verification cost and cannot suppress attacks at the source. The purpose of this thesis is to explore a defense mechanism that not only reduces the authentication overhead, but also effectively restrains the attack and protects the interests of legitimate users. The main contributions of this thesis are as follows.

1. In response to the problem that content popularity-based schemes harm legitimate users, a cache partitioning scheme is proposed in this thesis. This scheme divides the cache into two parts, which hold content with different popularity levels. To evaluate content popularity, the number of requests and the number of requesting users are introduced. Finally, relative entropy is used to check for popularity anomalies. Simulation results show that the hit rate can be improved by about 1.5 times compared to the native NDN cache, while the request latency can be reduced by about 28%.

2. To address the inability to perceive the network environment in real time and adjust defense measures promptly, a defense mechanism based on deep reinforcement learning is proposed in this thesis. The scheme trains the agent by collecting relevant data from some routing nodes and has the agent select actions from the action space to resist attacks. Finally, the request delay is introduced into the reward function to evaluate the agent's action. Experiments show that the scheme can resist attacks well. The hit rate of normal users is 0.711, compared with 0.263 for native NDN, which is about 2.7 times higher.

3. To address the high cost of signature verification and the inability to restrain the spread of forged data at the source, a defense mechanism based on reputation is proposed in this thesis. Users verify data signatures and feed back information. The intermediate node uses a Bloom filter to record this information and evaluate the reputation of each interface. Based on that reputation, nodes decide whether to verify the data and which interface to forward Interest packets on, reducing the cost of verification and avoiding the spread of forged content. Simulation results show that the amount of forged content in the network is reduced by 84% compared with native NDN, which effectively prevents the spread of forged content.
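
One way to realise the popularity check in item 1, as an added example rather than the thesis's own code. It assumes the anomaly signal is the relative entropy between the request-share distribution and the distinct-user-share distribution within one observation window; the function names, thresholds and sample windows are constructed for illustration.

```python
import math
from collections import Counter

def _dist(counts, names):
    total = sum(counts[n] for n in names)
    return [counts[n] / total for n in names]

def per_name_terms(interests):
    """interests: list of (user_id, content_name) seen at a router in one window.
    Returns {name: p*ln(p/q)} with p = request share, q = distinct-user share."""
    req = Counter(name for _, name in interests)
    usr = Counter(name for _, name in set(interests))  # one count per (user, name)
    names = sorted(req)  # every requested name has >= 1 user, so q > 0
    p, q = _dist(req, names), _dist(usr, names)
    return {n: pi * math.log(pi / qi) for n, pi, qi in zip(names, p, q)}

def relative_entropy(interests):
    """D(P || Q): near 0 when request volume tracks the number of requesters."""
    return sum(per_name_terms(interests).values())

def suspects(interests, term_cutoff=0.05):
    """Names whose request share far exceeds their user share (assumed cutoff)."""
    return sorted(n for n, t in per_name_terms(interests).items() if t > term_cutoff)

# Constructed sample windows, not measurements from the thesis.
NORMAL = ([(f"u{i}", "/video/a") for i in range(10)] + [("u0", "/video/a")]
          + [(f"u{i}", "/video/b") for i in range(5)]
          + [(f"u{i}", "/video/c") for i in range(2)])
# Same traffic plus one requester repeatedly asking for two unpopular names.
ATTACK = NORMAL + [("x", f"/junk/{k}") for k in (1, 2) for _ in range(40)]

THRESHOLD = 0.1  # assumed; a deployment would calibrate it on clean traffic

if __name__ == "__main__":
    for label, window in (("normal", NORMAL), ("attack", ATTACK)):
        d = relative_entropy(window)
        verdict = "ANOMALY" if d > THRESHOLD else "ok"
        print(label, round(d, 4), verdict, suspects(window))
```

The per-name terms also indicate which names a router could keep out of the high-popularity partition while the window is flagged.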