Identifying Interest Flooding in Named Data Networking

Named Data Networking (NDN) attracts much attention in the ongoing research area of future Internet. NDN tries to provide better security than current Internet does, and it does introduce some effective mechanisms, such as receiver-driven communication mode. However, a new type of Interest flooding attack emerges in NDN. Since routers in NDN will maintain state for Interests, a plethora of Interests may congest the network or exhaust a router's memory. In this paper, we focus on detecting and identifying Interest flooding. We propose a two-phase detection method to identify the abnormal name prefixes of the flooding Interests. It is useful to identify the flooding name prefixes for further fine-grained Interest flooding countermeasures. Our evaluation through simulations shows that our proposal is effective and accurate to find the abnormal name prefixes, and the identification time is independent of the number of abnormal name prefixes.

[1]  Deborah Estrin,et al.  Named Data Networking (NDN) Project , 2010 .

[2]  Van Jacobson,et al.  Networking named content , 2009, CoNEXT '09.

[3]  Priya Mahadevan,et al.  Interest flooding attack and countermeasures in Named Data Networking , 2013, 2013 IFIP Networking Conference.

[4]  Mauro Conti,et al.  Poseidon: Mitigating interest flooding DDoS attacks in Named Data Networking , 2013, 38th Annual IEEE Conference on Local Computer Networks.

[5]  Gene Tsudik,et al.  DoS and DDoS in Named Data Networking , 2012, 2013 22nd International Conference on Computer Communication and Networks (ICCCN).

[6]  Mark Crovella,et al.  Mining anomalies using traffic feature distributions , 2005, SIGCOMM '05.

[7]  H. Jonathan Chao,et al.  PacketScore: a statistics-based packet filtering scheme against distributed denial-of-service attacks , 2006, IEEE Transactions on Dependable and Secure Computing.

[8]  Diego Perino,et al.  A reality check for content centric networking , 2011, ICN '11.

[9]  Bin Liu,et al.  Mitigate DDoS attacks in NDN by interest traceback , 2013, 2013 IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS).

[10]  Tobias Lauinger,et al.  Security & Scalability of Content-Centric Networking , 2010 .