Cooperative-Filter: countering Interest flooding attacks in named data networking

Named data networking (NDN) is an emerging networking paradigm that is considered one of the promising candidates for the next-generation Internet architecture. To be a viable Internet architecture, NDN must be resilient against current and emerging threats. This paper focuses on how to detect and mitigate the Interest flooding attack (IFA) in NDN, which can excessively consume the resources of each involved router by flooding it with malicious Interest packets carrying fake names. To counter IFA, an architecture called Cooperative-Filter is proposed. It detects IFA using fuzzy logic, and mitigates it through cooperation between routers at per-prefix-per-interface granularity, taking advantage of the state statistics of each router. The performance of Cooperative-Filter is evaluated in terms of its effect on reducing the memory resource consumption of each involved router, on increasing the Interest satisfaction rate for legitimate users under IFA, and on decreasing the Interest-retrieving delay. Simulation results demonstrate that Cooperative-Filter can detect IFA and effectively mitigate its damage to NDN. To the best of our knowledge, this is the first attempt to design an IFA countermeasure that embeds fuzzy logic and counters IFA at per-prefix-per-interface granularity.
