IEEE Access (Jan 2022)
Detecting and Mitigating Collusive Interest Flooding Attacks in Named Data Networking
Abstract
The large expansion in network services and applications seen in the last few years requires new network architectures to satisfy an increasing number of users and enhance content delivery. Named Data Networking (NDN) has recently appeared as a new paradigm to solve many shortcomings in the current TCP/IP architecture. Its main characteristics like stateful forwarding and in-network caching made NDN networks an efficient environment for data delivery where the data is retrieved based on content names rather than IP addresses. The NDN, by its nature, defends against the well-known Distributed Denial of Service (DDoS) attacks that take place in the traditional TCP/IP architecture. However, a special kind of DDoS attack called Collusive Interest Flooding Attack (CIFA) has appeared to overwhelm the resources of NDN routers by filling their Pending Interest Tables (PIT) with long-lasting malicious entries. The network throughput and consumer satisfaction rate are highly affected by CIFA. A lightweight yet efficient stateless CIFA detection algorithm is proposed in this research utilizing the non-parametric CUSUM algorithm; a change point detection approach that detects the point in time when a transition occurs in the network. The proposed algorithm is characterized by its low computational overhead, highly accurate detection, and quick response. To detect the malicious name prefixes and eliminate the CIFA effect, a mitigation algorithm that uses the average response time vales of all name prefixes is proposed in this research. Experimental results show that this approach detects CIFA after 199.5 ms from when an attack is launched in the large-scale topology. In addition, the mitigation approach effectively reduces the PIT utilization and increases the average consumer satisfaction rate.
Keywords
