Abstract
The current Internet architecture is not suitable for the growing data (generated from billions of devices) and contents (stored in multiple geographical locations/data centers). There is a need for an efficient content distribution, addressing, secure data transmission, stateful forwarding, scalability, etc., in the Internet layer communication. Named data networking (NDN) that follows the content/information-centric networking architecture is seen as a promising future Internet architecture. Although the popularity of the NDN is recently increasing in the research community, the NDN environment is also vulnerable to new attacks. These new attacks target NDN core functionalities such as forwarding, caching, and naming strategies. One such exhaustive attack is the Interest Flooding Attack (IFA) that targets the forwarding strategy of NDN and creates maximum impact on the target with minimum effort. Therefore, our focus in the paper is on IFA and its existing solutions. To the best of our knowledge, this is the first in-depth survey on the existing IFA countermeasures in NDN- based networks. From the comprehensive literature review, it is evident that the IFA is devastating the NDN services and the attackers exploit the Interest Packet requests to achieve it. In this paper, the existing solutions available in the literature from 2012 to till date are categorized and these solutions are critically evaluated in terms of technique name, advantages, and limitations. Besides, the existing solutions in each category are compared against various performance metrics. Further, the challenges and the potential research direction toward the Interest Flooding Attack countermeasures are discussed in terms of achieving service availability.
Similar content being viewed by others
References
Statista: Demographics use-statistics and market data on online demographics use. https://www.statista.com/markets/424/topic/537/demographics-use/. Accessed 17 Dec 2020
Forouzan, B.A.: TCP/IP Protocol Suite. McGraw-Hill Inc, New York (2002)
Khelifi, H., Luo, S., Nour, B., Moungla, H., Faheem, Y., Hussain, R., Ksentini, A.: Named data networking in vehicular ad hoc networks: state-of-the-art and challenges. IEEE Commun. Surv. Tutor. 22(1), 320–351 (2019)
National Research Foundation (NSF). http://www.nets-fia.net/. Accessed 17 Dec 2020
Zhang, L., Afanasyev, A., Burke, J., Jacobson, V., Claffy, K., Crowley, P., Papadopoulos, C., Wang, L., Zhang, B.: Named data networking. ACM SIGCOMM Comput. Commun. Rev. 44(3), 66–73 (2014)
Seskar, I., Nagaraja, K., Nelson, S., Raychaudhuri, D.: Mobilityfirst future internet architecture project. In: Proceedings of the 7th Asian Internet Engineering Conference, pp. 1–3 (2011)
Anderson, T., Birman, K., Broberg, R., Caesar, M., Comer, D., Cotton, C., Freedman, M.J., Haeberlen, A., Ives, Z.G., Krishnamurthy, A., et al.: The nebula future internet architecture. In: The Future Internet Assembly, pp. 16–26. Springer (2013)
Anand, A., Dogar, F., Han, D., Li, B., Lim, H., Machado, M., Wu, W., Akella, A., Andersen, D.G., Byers, J.W., et al.: Xia: An architecture for an evolvable and trustworthy internet. In: Proceedings of the 10th ACM Workshop on Hot Topics in Networks, pp. 1–6 (2011)
Wolf, T., Griffioen, J., Calvert, K.L., Dutta, R., Rouskas, G.N., Baldin, I., Nagurney, A.: Choicenet: toward an economy plane for the internet. ACM SIGCOMM Comput. Commun. Rev. 44(3), 58–65 (2014)
Arjunwadkar, D.P.: Introduction of NDN with comparison to current internet architecture based on TCP/IP. Int. J. Comput. Appl. 105(5), 10 (2014)
Kumar, N., Singh, A.K., Aleem, A., Srivastava, S.: Security attacks in named data networking: a review and research directions. J. Comput. Sci. Technol. 34(6), 1319–1350 (2019)
Ndn testbed. https://named-data.net/ndn-testbed/. Accessed 10 Aug 2021
Gusev, P., Burke, J.: Ndn-rtc: Real-time videoconferencing over named data networking. In: Proceedings of the 2nd ACM Conference on Information-Centric Networking, pp. 117–126 (2015)
Moiseenko, I., Wang, L., Zhang, L.: Consumer/producer communication with application level framing in named data networking. In: Proceedings of the 2nd ACM Conference on Information-Centric Networking, pp. 99–108 (2015)
npchat. https://github.com/named-data-mobile/ndn-photo-app/. Accessed 10 August 2021
N. D. Networking: Ndn packet format specification version 0.3. https://named-data.net/doc/NDN-packet-spec/current/interest.html. Accessed 17 Dec 2020
Lehman, V., Gawande, A., Zhang, B., Zhang, L., Aldecoa, R., Krioukov, D., Wang, L.: An experimental investigation of hyperbolic routing with a smart forwarding plane in ndn. In: 2016 IEEE/ACM 24th International Symposium on Quality of Service (IWQoS), pp. 1–10. IEEE (2016)
Wang, L., Lehman, V., Hoque, A.M., Zhang, B., Yu, Y., Zhang, L.: A secure link state routing protocol for ndn. IEEE Access 6, 10470–10482 (2018)
Chatterjee, T., Ruj, S., Bit, S.D.: Security issues in named data networks. Computer 51(1), 66–75 (2018)
Al-Sheikh, S., Wählisch, M., Schmidt, T.C.: Revisiting countermeasures against ndn interest flooding. In: Proceedings of the 2nd ACM Conference on Information-Centric Networking, pp. 195–196 (2015)
Aamir, M., Zaidi, S.M.A.: Denial-of-service in content centric (named data) networking: a tutorial and state-of-the-art survey. Secur. Commun. Netw. 8(11), 2037–2059 (2015)
Chhetry, N., Kalita, H.K.: Interest flooding attack in named data networking: a survey. ADBU J. Eng. Technol. 4, 10 (2016)
Rai, S., Dhakal, D.: A survey on detection and mitigation of interest flooding attack in named data networking. In: Advanced Computational and Communication Paradigms, pp. 523–531. Springer (2018)
Compagno, A., Conti, M., Gasti, P., Tsudik, G.: Ndn interest flooding attacks and countermeasures. In: Annual Computer Security Applications Conference (2012)
Wang, K., Zhou, H., Qin, Y., Chen, J., Zhang, H.: Decoupling malicious interests from pending interest table to mitigate interest flooding attacks. In: 2013 IEEE Globecom Workshops (GC Wkshps). IEEE, pp. 963–968 (2013)
Wang, K., Zhou, H., Luo, H., Guan, J., Qin, Y., Zhang, H.: Detecting and mitigating interest flooding attacks in content-centric network. Secur. Commun. Netw. 7(4), 685–699 (2014)
Compagno, A., Conti, M., Gasti, P., Tsudik, G.: Poseidon: mitigating interest flooding ddos attacks in named data networking. In: 38th Annual IEEE Conference on Local Computer Networks, pp. 630–638. IEEE (2013)
Tang, J., Zhang, Z., Liu, Y., Zhang, H.: Identifying interest flooding in named data networking. In: 2013 IEEE International Conference on Green Computing and Communications and IEEE Internet of Things and IEEE Cyber, Physical and Social Computing. IEEE, pp. 306–310 (2013)
Dai, H., Wang, Y., Fan, J., Liu, B.: Mitigate ddos attacks in ndn by interest traceback. In: 2013 IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS). IEEE, pp. 381–386 (2013)
Liu, G., Quan, W., Cheng, N., Wang, K., Zhang, H.: Accuracy or delay? A game in detecting interest flooding attacks. Internet Technol. Lett. 1(2), e31 (2018)
Sattar, M.U., Rehman, R.A.: Interest flooding attack mitigation in named data networking based vanets. In: 2019 International Conference on Frontiers of Information Technology (FIT), pp. 245–2454. IEEE (2019)
Benmoussa, A., el Karim Tahari, A., Lagaa, N., Lakas, A., Ahmad, F., Hussain, R., Kerrache, C.A., Kurugollu, F.: A novel congestion-aware interest flooding attacks detection mechanism in named data networking. In: 2019 28th International Conference on Computer Communication and Networks (ICCCN), pp. 1–6. IEEE (2019)
Shigeyasu, T., Sonoda, A.: Distributed approach for detecting collusive interest flooding attack on named data networking. In: International Conference on Network-Based Information Systems, pp. 76–86. Springer (2018)
Pu, C., Payne, N., Brown, J.: Self-adjusting share-based countermeasure to interest flooding attack in named data networking. In: 2019 International Conference on Internet of Things (iThings) and IEEE Green Computing and Communications (GreenCom) and IEEE Cyber, Physical and Social Computing (CPSCom) and IEEE Smart Data (SmartData), pp. 142–147. IEEE (2019)
Benarfa, A., Hassan, M., Compagno, A., Losiouk, E., Yagoubi, M.B., Conti, M.: Chokifa: A new detection and mitigation approach against interest flooding attacks in ndn. In: International Conference on Wired/Wireless Internet Communication, pp. 53–65. Springer (2019)
Benarfa, A., Hassan, M., Losiouk, E., Compagno, A., Yagoubi, M.B., Conti, M.: Chokifa+: an early detection and mitigation approach against interest flooding attacks in ndn (2019)
Benmoussa, A., el Karim Tahari, A., Kerrache, C.A., Lagraa, N., Lakas, A., Hussain, R., Ahmad, F.: Msidn: Mitigation of sophisticated interest flooding-based ddos attacks in named data networking. Future Gen. Comput. Syst. 107, 293–306 (2020)
Afanasyev, A., Mahadevan, P., Moiseenko, I., Uzun, E., Zhang, L.: Interest flooding attack and countermeasures in named data networking. In: 2013 IFIP Networking Conference, pp. 1–9. IEEE (2013)
Ding, K., Liu, Y., Cho, H.-H., Chao, H.-C., Shih, T.K.: Cooperative detection and protection for interest flooding attacks in named data networking. Int. J. Commun. Syst. 29(13), 1968–1980 (2016)
Nguyen, T., Cogranne, R., Doyen, G.: An optimal statistical test for robust detection against interest flooding attacks in ccn. In: 2015 IFIP/IEEE International Symposium on Integrated Network Management (IM), pp. 252–260. IEEE (2015)
Xin, Y., Li, Y., Wang, W., Li, W., Chen, X.: A novel interest flooding attacks detection and countermeasure scheme in ndn. In: 2016 IEEE Global Communications Conference (GLOBECOM), pp. 1–7. IEEE (2016)
Selvi, V., Shebin, R., et al.: Game theory based mitigation of interest flooding in named data network. In: 2016 International Conference on Wireless Communications, Signal Processing and Networking (WiSPNET), pp. 685–689. IEEE (2016)
Guimaraes, F., Rocha, A., Albuquerque, C., Ribeiro, I.: Modeling ndn pit to analyze the limits of timeout on the effectiveness of flooding attacks. In: 2016 IEEE Symposium on Computers and Communication (ISCC), pp. 1245–1250. IEEE (2016)
Xin, Y., Li, Y., Wang, W., Li, W., Chen, X.: Detection of collusive interest flooding attacks in named data networking using wavelet analysis. In: MILCOM 2017-2017 IEEE Military Communications Conference (MILCOM), pp. 557–562. IEEE (2017)
Zhi, T., Luo, H., Liu, Y.: A gini impurity-based interest flooding attack defence mechanism in ndn. IEEE Commun. Lett. 22(3), 538–541 (2018)
Zhang, X., Li, R.: An ari-hmm based interest flooding attack countermeasure in ndn. In: 2019 IEEE 23rd International Conference on Computer Supported Cooperative Work in Design (CSCWD), pp. 10–15. IEEE (2019)
Hou, R., Han, M., Chen, J., Hu, W., Tan, X., Luo, J., Ma, M.: Theil-based countermeasure against interest flooding attacks for named data networks. IEEE Network 33(3), 116–121 (2019)
Wu, Z., Feng, W., Yue, M., Xu, X., Liu, L.: Mitigation measures of collusive interest flooding attacks in named data networking. Comput. Secur. 97, 101971 (2020)
Salah, H., Wulfheide, J., Strufe, T.: Lightweight coordinated defence against interest flooding attacks in ndn. In: 2015 IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS), pp. 103–104. IEEE (2015)
Yin, G., Tang, J., Zou, F., Wu, Y., Li, J.: Controller based detection scheme of interest flooding attack in named data networking. In: 2019 IEEE 5th International Conference on Computer and Communications (ICCC), pp. 1628–1633. IEEE (2019)
Cheng, G., Zhao, L., Hu, X., Zheng, S., Wu, H., Li, R., Fan, C.: Detecting and mitigating a sophisticated interest flooding attack in ndn from the network-wide view. In: 2019 IEEE First International Workshop on Network Meets Intelligent Computations (NMIC), pp. 7–12. IEEE (2019)
Wang, K., Zhou, H., Qin, Y., Zhang, H.: Cooperative-filter: countering interest flooding attacks in named data networking. Soft. Comput. 18(9), 1803–1813 (2014)
Kumar, N., Singh, A.K., Srivastava, S.: Evaluating machine learning algorithms for detection of interest flooding attack in named data networking. In: Proceedings of the 10th International Conference on Security of Information and Networks, pp. 299–302 (2017)
Zhi, T., Liu, Y., Yan, Z.: An entropy-svm based interest flooding attack detection method in icn. In: 2018 IEEE 88th Vehicular Technology Conference (VTC-Fall), pp. 1–5. IEEE (2018)
Chen, J., Xing, G., Cui, M., Huo, H., Hou, R.: Isolation forest based interest flooding attack detection mechanism in ndn. In: 2019 2nd International Conference on Hot Information-Centric Networking (HotICN), pp. 58–62. IEEE (2019)
Shinohara, R., Kamimoto, T., Sato, K., Shigeno, H.: Cache control method mitigating packet concentration of router caused by interest flooding attack. In: 2016 IEEE Trustcom/BigDataSE/ISPA, pp. 324–331. IEEE (2016)
Pang, B., Li, R., Yue, P.: Research of the interest packet popple broadcast diffusion attack in ndn vanet. In: Proceedings of the Symposium on Applied Computing, pp. 617–620 (2017)
Zhang, X., Li, R., Zhao, W., Wu, R.: Detection of malicious nodes in ndn vanet for interest packet popple broadcast diffusion attack. In: 2017 11th IEEE International Conference on Anti-counterfeiting, Security, and Identification (ASID), pp. 114–118. IEEE (2017)
Rabari, J., Kumar, A.R.P.: Fifa: Fighting against interest flooding attack in ndn-based vanet. In: 2021 International Wireless Communications and Mobile Computing (IWCMC), pp. 1539–1544. IEEE (2021)
Buchanan, W.J., Li, S., Asif, R.: Lightweight cryptography methods. J. Cyber Secur. Technol. 1(3–4), 187–201 (2017)
Yu, Y., Afanasyev, A., Clark, D., Claffy, K., Jacobson, V., Zhang, L.: Schematizing trust in named data networking. In: Proceedings of the 2nd ACM Conference on Information-Centric Networking, pp. 177–186 (2015)
Ghali, C., Tsudik, G., Uzun, E.: In content we trust: network-layer trust in content-centric networking. IEEE/ACM Trans. Netw. 27(5), 1787–1800 (2019)
Zhang, X., Chang, K., Xiong, H., Wen, Y., Shi, G., Wang, G.: Towards name-based trust and security for content-centric network. In: 2011 19th IEEE International Conference on Network Protocols, pp. 1–6 (2011)
Nauck, D., Klawonn, F., Kruse, R.: Foundations of Neuro-Fuzzy Systems. Wiley, New York (1997)
Manimaran, P., et al.: Ndnids: An intrusion detection system for ndn based vanet. In: 2020 IEEE 91st Vehicular Technology Conference (VTC2020-Spring), pp. 1–5. IEEE (2020)
Mtibaa, A., Tourani, R., Misra, S., Burke, J., Zhang, L.: Towards edge computing over named data networking. In: 2018 IEEE International Conference on Edge Computing (EDGE), pp. 117–120 (2018)
Scherb, C., Emde, S., Marxer, C., Tschudin, C.: Data upload in mobile edge computing over icn. In: 2019 IEEE Globecom Workshops (GC Wkshps), pp. 1–6 (2019)
Xu, X., Feng, C., Shan, S., Zhang, T., Loo, J.: Proactive edge caching in content-centric networks with massive dynamic content requests. IEEE Access 8, 59906–59921 (2020)
Funding
Not applicable.
Author information
Authors and Affiliations
Corresponding author
Ethics declarations
Conflicts of interest
The Authors declares that they do not have conflict of interest.
Ethical approval
This article does not contain any studies with human participants or animals performed by any of the authors.
Additional information
Publisher's Note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Rights and permissions
About this article
Cite this article
Jeet, R., Arun Raj Kumar, P. A survey on interest packet flooding attacks and its countermeasures in named data networking. Int. J. Inf. Secur. 21, 1163–1187 (2022). https://doi.org/10.1007/s10207-022-00591-w
Published:
Issue Date:
DOI: https://doi.org/10.1007/s10207-022-00591-w