DADI: Defending against distributed denial of service in information‐centric networking routing and caching

Information-centric networking (ICN) is a new communication paradigm for the upcoming next-generation internet (NGI). ICN is an open environment that depends on in-network caching and focuses on contents. These attributes expose ICN architectures to different types of routing and caching attacks. An attacker can publish invalid contents or announce malicious routes, and can send malicious requests for available and unavailable contents. These types of attacks can cause distributed denial of service (DDoS) and cache pollution in ICN architectures. In this paper, we propose a Defending solution Against DDoS in ICN routing and caching (DADI) that detects and prevents these DDoS attacks. In the detection phase, the solution allows ICN routers to differentiate between legitimate and attack behaviors based on threshold values. In the prevention phase, ICN routers are able to take actions against these attacks. In our experiments, we measure satisfied requests for legitimate users and cache hit ratio for ICN routers, evaluated over different scenarios in which there are 20%, 50%, and 80% attackers with respect to legitimate users. The experiments show that the proposed solution effectively mitigates routing- and caching-related DDoS attacks in ICN and enhances ICN performance in the presence of DDoS attacks.
