Detecting interest flooding attacks in NDN: A probability-based event-driven approach

Abstract

The foundational concepts of the Internet were developed in the 1960s and 1970s with the goal of interconnecting hosts using the TCP/IP architecture. While this architecture has significantly impacted communication and commerce, it struggles to accommodate the Internet’s vast user base and diverse applications. Named Data Network (NDN), a next-generation Internet architecture is designed to overcome the current TCP/IP based Internet architecture’s limitations. NDN’s basic operations make it resilient against several traditional DoS/DDoS attacks. However, NDN remains vulnerable to Interest Flooding Attack (IFA), a class of DoS attacks that can exhaust the routers’ as well as the producers’ resources to disrupt network functionality. To detect these attacks, researchers came up with a few approaches. However, existing detection techniques focus on specific IFA variants but struggle to detect other variants. To address this challenge, in this paper, we propose a statistical abnormality detection scheme to identify all variants of IFA. Additionally, we generate a comprehensive NDN traffic dataset through our experiments and use it to evaluate the performance of the detection scheme. The experimental results show that our scheme can detect all variants of IFA with high accuracy. Towards the end, we also present a sensitivity analysis study that shows the impact of varying a few parameters on the detection performance of the proposed scheme.