
2019 | OriginalPaper | Chapter

ChoKIFA: A New Detection and Mitigation Approach Against Interest Flooding Attacks in NDN

Authors: Abdelmadjid Benarfa, Muhammad Hassan, Alberto Compagno, Eleonora Losiouk, Mohamed Bachir Yagoubi, Mauro Conti

Published in: Wired/Wireless Internet Communications

Publisher: Springer International Publishing


Abstract

Named-Data Networking (NDN) is a potential Future Internet Architecture that introduces a shift from the existing host-centric, IP-based Internet infrastructure towards a content-oriented one. Its design, however, can be misused to introduce a new type of DoS attack, better known as the Interest Flooding Attack (IFA). In an IFA, an adversary issues non-satisfiable requests in the network to saturate the Pending Interest Table(s) (PIT) of NDN routers and prevent them from properly handling legitimate traffic. Prior solutions to mitigate this problem are not highly effective, damage legitimate traffic, and incur high communication overhead.
In this paper, we propose a novel mechanism for IFA detection and mitigation, aimed at reducing the memory consumption of the PIT by effectively reducing the malicious traffic that passes through each NDN router. In particular, our protocol exploits an effective management strategy on the PIT which differentially penalizes malicious traffic by dropping both inbound malicious traffic and malicious traffic already stored in the PIT. We implemented our proposed protocol on the open-source ndnSIM simulator and compared its effectiveness with that of the existing state of the art. The results show that our proposed protocol effectively reduces the damage caused by IFA, especially to legitimate traffic, with improvements ranging from 5% to 40% with respect to the existing state of the art.


Footnotes

1. We take the value of maximum probability (\(P_{max}\)) to be one.
2. In our simulations, we take \(w_\rho\) equal to 0.001.

DOI
https://doi.org/10.1007/978-3-030-30523-9_5
