Detection of malicious consumer interest packet with dynamic threshold values

As a promising next-generation network architecture, named data networking (NDN) supports name-based routing and in-network caching to retrieve content in an efficient, fast, and reliable manner. Most studies on NDN have proposed innovative and efficient caching mechanisms and content retrieval via efficient routing. However, very few studies have addressed the vulnerabilities in the NDN architecture that a malicious node can exploit to perform a content poisoning attack (CPA). Such an attack can pollute the in-network caches and the routing of content, and consequently isolate the legitimate content in the network. In the past, several efforts have been made to propose mitigation strategies for the content poisoning attack, but to the best of our knowledge, no specific work has been done to address an emerging attack surface in NDN, which we call an interest flooding attack. Handling this attack surface can potentially make content poisoning attack mitigation schemes more effective, secure, and robust. Hence, in this article, we propose the addition of a security mechanism to the CPA mitigation scheme, namely Name-Key Based Forwarding and Multipath Forwarding Based Inband Probe, in which we block the malicious face of compromised consumers by monitoring the Cache-Miss Ratio values and the Queue Capacity at the Edge Routers. The malicious face is blocked when the cache-miss ratio hits the threshold value, which is adjusted dynamically by monitoring the cache-miss ratio and queue capacity values. The experimental results show that we are successful in mitigating the vulnerability of the CPA mitigation scheme by detecting and blocking the flooding interface, at the cost of very little verification overhead at the NDN Routers.
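The detection idea in the abstract, sketched as an added example that is not the authors' algorithm: an edge router tracks a per-face cache-miss ratio and blocks a face once the ratio reaches a threshold that tightens as the queue fills. The linear adjustment rule, the window size, the minimum sample count, the constants and all names here are assumptions made for illustration.

```python
from collections import defaultdict, deque

class EdgeRouterMonitor:
    """Per-face cache-miss monitor with a queue-dependent threshold (assumed rule)."""

    def __init__(self, queue_capacity, base=0.9, floor=0.5, window=50, min_samples=20):
        self.queue_capacity = queue_capacity
        self.base, self.floor = base, floor   # threshold at empty / full queue
        self.min_samples = min_samples        # avoid blocking on a handful of misses
        self.history = defaultdict(lambda: deque(maxlen=window))  # 1 = cache miss
        self.blocked = set()

    def threshold(self, queue_len):
        # Assumption: the threshold drops linearly from base to floor as the
        # queue fills, so the router is stricter under load.
        occupancy = min(queue_len / self.queue_capacity, 1.0)
        return self.base - (self.base - self.floor) * occupancy

    def miss_ratio(self, face):
        h = self.history[face]
        return sum(h) / len(h) if h else 0.0

    def on_interest(self, face, cache_miss, queue_len):
        if face in self.blocked:
            return "dropped"
        h = self.history[face]
        h.append(1 if cache_miss else 0)
        if len(h) >= self.min_samples and self.miss_ratio(face) >= self.threshold(queue_len):
            self.blocked.add(face)
            return "blocked"
        return "accepted"

def run_constructed_trace():
    """Constructed trace: face 1 misses one Interest in four, face 2 always misses."""
    mon = EdgeRouterMonitor(queue_capacity=100)
    queue_len = 0
    for i in range(60):
        mon.on_interest(1, cache_miss=(i % 4 == 0), queue_len=queue_len)
        # Each accepted miss from face 2 leaves pending work in the queue.
        if mon.on_interest(2, cache_miss=True, queue_len=queue_len) == "accepted":
            queue_len = min(queue_len + 2, mon.queue_capacity)
    return mon

if __name__ == "__main__":
    m = run_constructed_trace()
    print("blocked faces:", sorted(m.blocked), "face 1 miss ratio:", m.miss_ratio(1))
```

The minimum sample count matters in practice: without it, a legitimate consumer whose first few Interests miss a cold cache would be blocked immediately.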
