| In recent years,many scholars have started to work on new network architectures in the next-generation Internet.Named Data Networking(NDN)is a new content-oriented network architecture born in that context.It is possible that NDN will replace the traditional TCP/IP-based network architecture in the future.As a new type of network architecture,the security of NDN has also received a wide range of attention.Although most of the network attacks that exist in the TCP/IP structure are ineffective for NDN,NDN does not resist an existing DDo S attack such as the Interest Flooding Attack(IFA).Considering the harmfulness of this emerging attack pattern,this paper studies the detection and defense of IFA in NDN,and the specific work is as follows.(1)A metric for measuring the degree of network load-entropy rate of change-is proposed,and an entropy rate of change is used as an important indicator for IFA detection,and an IFA detection method based on entropy rate of change is proposed.The method first collects the characteristics of NDN interest packet request content,calculates the network entropy rate value for the current time period of the network,and dynamically updates the threshold value through a sliding window to determine whether an abnormality occurs.If an abnormality occurs,the relative entropy of the current packet growth rate distribution and the normal period distribution is calculated for further confirmation.(2)An IFA defense mechanism is proposed.Based on the characteristics of IFA proposed above and the problems of existing mechanisms such as difficulty in locating the attacker and damage to legitimate requests in defense,this paper propose an IFA defense method based on retransmission and interface rate limitation,which creates a space in the NDN node to record interest packets passing through the node,and when it is detected,it chooses three evaluation indicators that can reflect the network situation by using the specific characteristics of the network under attack to analyze the danger level of interest packets and reduce the impact on normal users' use of the network.When an IFA is detected,limit the rate of malicious interest packet interfaces,and retransmit the interest packets that can be queried in the memory space to reduce the impact on normal users and achieve the defense purpose.(3)In this paper,the network environment with different topologies is built under ndn SIM simulation platform for experiments,and it is verified that the detection method proposed in this paper can distinguish IFA from network congestion state more sensitively,and the IFA defense method can also play a better role in limiting malicious interest packets when IFA attacks are detected,while protecting normal requests from interference... |
PDF Full Text Request