Abstract
Named Data Networking (NDN) is a new and attractive paradigm that got a broad interest in recent researches as a potential alternative for the existing IP-based (host-based) Internet architecture. Security is considered explicitly as one of the most critical issues about NDN. Despite that NDN architecture presents higher resilience against most existing attacks, its architecture, nevertheless, can be exploited to start a DDoS attack. In the DDoS attack, the attacker tries to create and transmit a large number of fake Interest packets to increase network congestion and thus dropping legitimate interests by NDN routers. This paper proposes a new technique to detect and mitigate DDoS attacks in NDN that depends on cooperation among NDN routers with the help of a centralized controller. The functionality of these routers depends on their positions inside the autonomous system (AS). The simulation results show that the suggested technique is effective and precise to detect the fake name prefixes and, it offers better performance comparing with the previously proposed ones.
Similar content being viewed by others
References
Ahmed, S.H., Bouk, S.H., Kim, D., Rawat, D.B., Song, H.: Named data networking for software defined vehicular networks. IEEE Commun. Magaz. 55(8), 60–66 (2017)
Dai, H., Wang, Y., Fan, J., Liu, B.: Mitigate ddos attacks in ndn by interest traceback. In: 2013 IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS), pp 381–386 (2013)
Nguyen, T., Mai, H., Cogranne, R., Doyen, G., Mallouli, W., Nguyen, L., El Aoun, M., Montes De Oca, E., Festor, O.: Reliable detection of interest flooding attack in real deployment of named data networking. IEEE Trans. Inform. Forens. Sec. 14(9), 2470–2485 (2019)
Specht, S., Lee, R.: Distributed denial of service: Taxonomies of attacks, tools, and countermeasures. In: Proceedings of the ISCA 17th international conference on parallel and distributed computing systems, pp 543–550 (2004)
Tourani, R., Misra, S., Mick, T., Panwar, G.: Security, privacy, and access control in information-centric networking: a survey. IEEE Commun. Surv. Tutor. 20(1), 566–600 (2018)
Al-hisnawi, M., Ahmadi, M.: Qcf for deep packet inspection. IET Netw. 7(5), 346–352 (2018)
Afanasyev, A., Moiseenko, I., Zhang, L.: ndnsim: ndn simulator for ns-3 (2012)
VJDKSJDTMFPNHBRL, Braynard: Networking named content. In: CoNEXT ’09: Proceedings of the 5th international conference on Emerging networking experiments and technologies, pp 1–12 (2009)
Liu, T., Zhang, M., Zhu, J., Zheng, R., Liu, R.: Accp: adaptive congestion control protocol in named data networking based on deep learning. Neural Comput. Appl. (2018). https://doi.org/10.1007/s00521-018-3408-2
Wang, L.J., Lv, Y.Q., Moiseenko, I., Wang, D.S.: A dataflow-oriented programming interface for named data networking. J. Comput. Sci. Technol. 33, 158–168 (2018). https://doi.org/10.1007/s11390-018-1812-9
Shubbar, R., Ahmadi, M.: Efficient name matching based on a fast two-dimensional filter in named data networking. Int. J. Paral. Emerg. Distrib. Syst. 34(2), 203–221 (2019). https://doi.org/10.1080/17445760.2017.1363202
Pang, B., Li, R., Zhang, X., Shi, J., Huang, M.: Research on interest flooding attack analysis in conspiracy with content providers. pp 543–547 (2017). https://doi.org/10.1109/ICEIEC.2017.8076624
Chatterjee, T., Ruj, S., Bit, S.D.: Security issues in named data networks. Computer 51(1), 66–75 (2018)
Goergen, D., Cholez, T., François, J., Engel, T.: Security monitoring for content-centric networking. In: Di Pietro, R., Herranz, J., Damiani, E., State, R. (eds.) Data privacy management and autonomous spontaneous security, pp. 274–286. Springer, Berlin (2013)
Gasti, P., Tsudik, G., Uzun, E., Zhang, L.: Dos and ddos in named data networking. In: 2013 22nd International Conference on Computer Communication and Networks (ICCCN), pp 1–7 (2013)
Afanasyev, A., Mahadevan, P., Moiseenko, I., Uzun, E., Zhang, L.: Interest flooding attack and countermeasures in named data networking. In: 2013 IFIP Networking Conference, pp 1–9 (2013)
Compagno, A., Conti, M., Gasti, P., Tsudik, G.: Poseidon: Mitigating interest flooding ddos attacks in named data networking. In: 38th Annual IEEE Conference on Local Computer Networks, pp 630–638 (2013)
Widjaja, I.: Towards a flexible resource management system for content centric networking. In: 2012 IEEE International Conference on Communications (ICC), pp 2634–2638 (2012)
Wang, K., Huachun, Z., Qin, Y., Zhang, H.: Cooperative-filter: countering interest flooding attacks in named data networking. Soft Comput. 18, 1803–1813 (2014). https://doi.org/10.1007/s00500-014-1275-z
Licheng Wang MDYY Yun Pan, Wang, K.: Economic levers for mitigating interest flooding attack in named data networking 2017, 1–12 (2017)
Xin, Y., Li, Y., Wang, W., Li, W., Chen, X.: A novel interest flooding attacks detection and countermeasure scheme in ndn. In: 2016 IEEE Global Communications Conference (GLOBECOM), pp 1–7 (2016)
Yi, C., Afanasyev, A., Wang, L., Zhang, B., Zhang, L.: Adaptive forwarding in named data networking. Comput. Commun. Rev. (2012). https://doi.org/10.1145/2317307.2317319
Wang, K., Chen, J., Huachun, Z., Qin, Y., Zhang, H.: Modeling denial-of-service against pending interest table in named data networking. Int. J. Commun. Syst. (2014). https://doi.org/10.1002/dac.2618
Choi, S., Kim, K., Kim, S., Roh, B.: Threat of dos by interest flooding attack in content-centric networking. In: The International Conference on Information Networking 2013 (ICOIN), pp 315–319 (2013)
Tang, J., Zhang, Z., Liu, Y., Zhang, H.: Identifying interest flooding in named data networking. In: 2013 IEEE International Conference on Green Computing and Communications and IEEE Internet of Things and IEEE Cyber, Physical and Social Computing, pp 306–310 (2013)
Wang, K., Zhou, H., Qin, Y., Chen, J., Zhang, H.: Decoupling malicious interests from pending interest table to mitigate interest flooding attacks. In: 2013 IEEE Globecom Workshops (GC Wkshps), pp 963–968 (2013)
Shinohara, R., Kamimoto, T., Sato, K., Shigeno, H.: Cache control method mitigating packet concentration of router caused by interest flooding attack. In: 2016 IEEE Trustcom/BigDataSE/ISPA, pp 324–331 (2016)
Ding, K., Liu, Y., Cho, H., Chao, H., Shih, T.: Cooperative detection and protection for interest flooding attacks in named data networking. Int. J. Commun. Syst. (2014). https://doi.org/10.1002/dac.2883
Zhi, T., Luo, H., Liu, Y.: A gini impurity-based interest flooding attack defence mechanism in ndn. IEEE Commun. Lett. 22(3), 538–541 (2018)
Virgilio, M., Marchetto, G., Sisto, R.: Interest flooding attack countermeasures assessment on content centric networking. In: 2015 12th International Conference on Information Technology - New Generations, pp 721–724 (2015)
Rai, S.DD., Sharma, K.: A survey on detection and mitigation of distributed denial-of-service attack in named data networking. In: Advances in communication, cloud, and Big Data lecture notes in networks and systems 31 (2019)
Xu, X., Wang, S., Li, Y.: Identification and predication of network attack patterns in software-defined networking. Peer-to-Peer Netw. Appl. 12(2), 337–347 (2019). https://doi.org/10.1007/s12083-017-0629-6
Salah, H., Strufe, T.: Evaluating and mitigating a collusive version of the interest flooding attack in ndn. In: 2016 IEEE Symposium on Computers and Communication (ISCC), pp 938–945 (2016)
team N (2020) https://www.named-data.net/doc/NDN-packet-spec/current/data.html, last visit( 24/4/2020)
Funding
This study has been supported by Razi University, Kermanshah, Iran.
Author information
Authors and Affiliations
Corresponding author
Ethics declarations
Ethical Approval
This paper does not include any studies with human partners or animals done by the authors.
Additional information
Publisher's Note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Rights and permissions
About this article
Cite this article
Alhisnawi, M., Ahmadi, M. Detecting and Mitigating DDoS Attack in Named Data Networking. J Netw Syst Manage 28, 1343–1365 (2020). https://doi.org/10.1007/s10922-020-09539-8
Received:
Revised:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s10922-020-09539-8