Isolation Forest-Based Mechanism to Defend against Interest Flooding Attacks in Named Data Networking

Interest flooding attacks (IFAs) are widely regarded as being among the most harmful security risks in named data networking (NDN). Through an IFA, the attacker injects numerous Interest packets into a network to drain network resources such as bandwidth, caching capacity, and computational capacity, which can seriously affect the normal data content requests of legitimate consumers and degrade the network quality of service (QoS). To design a high-efficiency IFA mitigation scheme, it is critical to detect attacks accurately and rapidly. Therefore, there is high interest in developing an optimized attack detection scheme. In this study, the concept of an isolation forest (iForest) is introduced to develop an IFA detection mechanism in which the iForest construction process isolates abnormal and legitimate prefixes. This approach enables malicious prefixes to be identified among abnormal prefixes to mitigate IFAs by restricting the forwarding of malicious Interest packets. The results of extensive simulations show that the proposed iForest-based IFA detection mechanism (IFDM) outperforms other related schemes in terms of attack detection accuracy and speed and thus can offer effective support for preserving NDN QoS.
