Abstract
Interest Flooding Attack (IFA) has been one of the biggest threats for the Named Data Networking (NDN) paradigm, while it is very easy to launch but very difficult to mitigate. In this paper, we propose the InterestFence, which is a simple, direct, lightweight yet efficient IFA countermeasure, and the first one to achieve fast detection meanwhile accurate and efficient attacking traffic filtering without harming any legitimate Interests. InterestFence detects IFA based on content servers rather than routers to guarantee accurate detection. All content items with the same prefix within a content server have a hash-based security label (HSL) to claim their existence, and a HSL verification method is securely transmitted to related routers to help filtering and cleaning IFA traffic in transit networks accurately and efficiently. Performance analysis demonstrates the effectiveness of InterestFence on mitigating IFA and its lightweight feature due to the limited overhead involved.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Afanasyev, A., et al.: NDNS: a DNS-like name service for NDN. In: Proceedings of the 26th International Conference on Computer Communications and Networks (ICCCN), Vancouver, BC, Canada, pp. 1–9, July 2017
Al-Sheikh, S., Wählisch, M., Schmidt, T.C.: Revisiting countermeasures against NDN interest flooding, San Francisco, CA, USA, pp. 195–196, September 2015
Compagno, A., Conti, M., Gasti, P., Tsudik, G.: Poseidon: mitigating interest flooding DDoS attacks in named data networking, Sydney, NSW, Australia, pp. 630–638, October 2013
Compagno, A., Conti, M., Ghali, C., Tsudik, G.: To NACK or not to NACK? Negative acknowledgments in information-centric networking, Las Vegas, NV, USA, pp. 1–10, August 2015
Gasti, P., Tsudik, G., Uzun, E., Zhang, L.: DoS and DDoS in named data networking. In: Proceedings of 22nd International Conference on Computer Communication and Networks (ICCCN), Nassau, Bahamas, pp. 1–7, October 2013
Jacobson, V., Smetters, D.K., Thornton, J.D., Plass, M., Briggs, N., Braynard, R.: Networking named content. Commun. ACM 55(1), 117–124 (2012)
Liu, X., Yang, X., Xia, Y.: NetFence: preventing internet denial of service from inside out. In: Proceedings of ACM SIGCOMM, New Delhi, India, pp. 255–266, August 2010
Mangili, M., Martignon, F., Capone, A.: Performance analysis of content-centric and content-delivery networks with evolving object popularity. Comput. Netw. 94, 80–88 (2016)
Ngai, E., Ohlman, B., Tsudik, G., Uzun, E., Wählisch, M., Wood, C.A.: Can we make a cake and eat it too? A discussion of ICN security and privacy. ACM SIGCOMM Comput. Commun. Rev. 47, 49–54 (2017)
Nguyen, T., Cogranne, R., Doyen, G.: An optimal statistical test for robust detection against interest flooding attacks in CCN, Ottawa, ON, Canada, pp. 252–260, May 2015
Salah, H., Wulfheide, J., Strufe, T.: Lightweight coordinated defence against interest flooding attacks in NDN, Hong Kong, China, pp. 103–104, April 2015
Tourani, R., Misra, S., Mick, T., Panwar, G.: Security, privacy, and access control in information-centric networking: a survey. IEEE Commun. Surv. Tutor. 20(1), 566–600 (2018). https://doi.org/10.1109/COMST.2017.2749508. ISSN 1553-877X
Wang, K., Zhou, H., Qin, Y., Chen, J., Zhang, H.: Decoupling malicious interests from pending interest table to mitigate interest flooding attacks. In: Proceedings of IEEE Globecom Workshops (GC Wkshps). Atlanta, GA, USA, pp. 963–968, December 2013
Acknowledgment
This work is supported by China Postdoctoral Science Foundation (No. 2017M620786), Shandong Provincial Natural Science Foundation, China (No. ZR2017BF018), National Natural Science Foundation of China (NSFC) (No. 61702439, 61502410, 61602399, 61672318, 61631013), Shandong Province Higher Educational Science and Technology Program (No. J16LN17) and National Key Research and Development Program (No. 2016YFB1000102).
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2018 Springer Nature Switzerland AG
About this paper
Cite this paper
Dong, J., Wang, K., Lyu, Y., Jiao, L., Yin, H. (2018). InterestFence: Countering Interest Flooding Attacks by Using Hash-Based Security Labels. In: Vaidya, J., Li, J. (eds) Algorithms and Architectures for Parallel Processing. ICA3PP 2018. Lecture Notes in Computer Science(), vol 11337. Springer, Cham. https://doi.org/10.1007/978-3-030-05063-4_39
Download citation
DOI: https://doi.org/10.1007/978-3-030-05063-4_39
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-05062-7
Online ISBN: 978-3-030-05063-4
eBook Packages: Computer ScienceComputer Science (R0)