{"title":"从全网角度检测和缓解NDN中复杂的兴趣泛洪攻击","authors":"Guang Cheng, Lixia Zhao, Xiaoyan Hu, Shaoqi Zheng, Hua Wu, Ruidong Li, Chengyu Fan","doi":"10.1109/NMIC.2019.00007","DOIUrl":null,"url":null,"abstract":"Interest Flooding Attack (IFA) is one of the main security threats for the Named Data Networking (NDN). Most of its existing countermeasures enable intermediate routers near the attackers to independently detect the attack and consider the typical attack scenario in which attackers directly send malicious Interests at a constant and relatively high rate. Moreover, they may also throttle legitimate Interests when enforcing the existing defence measures at intermediate routers as it is still difficult for them to distinguish the Interests issued by attackers from those issued by legitimate consumers. Instead, this work aims at a more sophisticated attack scenario in which attackers start the attack at a relatively lower rate but gradually speed up to keep the Pending Interest Tables (PITs) of the victims increasing to finally deplete the PIT resources for legitimate consumers. It is relatively difficult for intermediate routers to independently and timely detect such a sophisticated IFA. To solve this problem, we propose a mechanism to detect the sophisticated IFA from the network-wide view. A central controller monitors the network and makes a comprehensive and prompt decision on whether there is an ongoing IFA based on the overall state of the whole network collected from the abnormity information reports sent by the first-hop routers of attackers. Attack sources can be directly located after an IFA is determined and then the malicious Interests can be prevented from entering the network without throttling legitimate Interests. We conduct an experimental study to evaluate the performance of the proposed mechanism and explore the parameter settings of the attack detection algorithm at access routers. The experimental results validate that our mechanism can timely detect and mitigate the sophisticated IFA without throttling requests from legitimate consumers.","PeriodicalId":170708,"journal":{"name":"2019 IEEE First International Workshop on Network Meets Intelligent Computations (NMIC)","volume":"189 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2019-07-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"9","resultStr":"{\"title\":\"Detecting and Mitigating A Sophisticated Interest Flooding Attack in NDN from the Network-Wide View\",\"authors\":\"Guang Cheng, Lixia Zhao, Xiaoyan Hu, Shaoqi Zheng, Hua Wu, Ruidong Li, Chengyu Fan\",\"doi\":\"10.1109/NMIC.2019.00007\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Interest Flooding Attack (IFA) is one of the main security threats for the Named Data Networking (NDN). Most of its existing countermeasures enable intermediate routers near the attackers to independently detect the attack and consider the typical attack scenario in which attackers directly send malicious Interests at a constant and relatively high rate. Moreover, they may also throttle legitimate Interests when enforcing the existing defence measures at intermediate routers as it is still difficult for them to distinguish the Interests issued by attackers from those issued by legitimate consumers. Instead, this work aims at a more sophisticated attack scenario in which attackers start the attack at a relatively lower rate but gradually speed up to keep the Pending Interest Tables (PITs) of the victims increasing to finally deplete the PIT resources for legitimate consumers. It is relatively difficult for intermediate routers to independently and timely detect such a sophisticated IFA. To solve this problem, we propose a mechanism to detect the sophisticated IFA from the network-wide view. A central controller monitors the network and makes a comprehensive and prompt decision on whether there is an ongoing IFA based on the overall state of the whole network collected from the abnormity information reports sent by the first-hop routers of attackers. Attack sources can be directly located after an IFA is determined and then the malicious Interests can be prevented from entering the network without throttling legitimate Interests. We conduct an experimental study to evaluate the performance of the proposed mechanism and explore the parameter settings of the attack detection algorithm at access routers. The experimental results validate that our mechanism can timely detect and mitigate the sophisticated IFA without throttling requests from legitimate consumers.\",\"PeriodicalId\":170708,\"journal\":{\"name\":\"2019 IEEE First International Workshop on Network Meets Intelligent Computations (NMIC)\",\"volume\":\"189 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2019-07-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"9\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2019 IEEE First International Workshop on Network Meets Intelligent Computations (NMIC)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/NMIC.2019.00007\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2019 IEEE First International Workshop on Network Meets Intelligent Computations (NMIC)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/NMIC.2019.00007","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Detecting and Mitigating A Sophisticated Interest Flooding Attack in NDN from the Network-Wide View
Interest Flooding Attack (IFA) is one of the main security threats for the Named Data Networking (NDN). Most of its existing countermeasures enable intermediate routers near the attackers to independently detect the attack and consider the typical attack scenario in which attackers directly send malicious Interests at a constant and relatively high rate. Moreover, they may also throttle legitimate Interests when enforcing the existing defence measures at intermediate routers as it is still difficult for them to distinguish the Interests issued by attackers from those issued by legitimate consumers. Instead, this work aims at a more sophisticated attack scenario in which attackers start the attack at a relatively lower rate but gradually speed up to keep the Pending Interest Tables (PITs) of the victims increasing to finally deplete the PIT resources for legitimate consumers. It is relatively difficult for intermediate routers to independently and timely detect such a sophisticated IFA. To solve this problem, we propose a mechanism to detect the sophisticated IFA from the network-wide view. A central controller monitors the network and makes a comprehensive and prompt decision on whether there is an ongoing IFA based on the overall state of the whole network collected from the abnormity information reports sent by the first-hop routers of attackers. Attack sources can be directly located after an IFA is determined and then the malicious Interests can be prevented from entering the network without throttling legitimate Interests. We conduct an experimental study to evaluate the performance of the proposed mechanism and explore the parameter settings of the attack detection algorithm at access routers. The experimental results validate that our mechanism can timely detect and mitigate the sophisticated IFA without throttling requests from legitimate consumers.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
