Detecting and Mitigating DDoS Attack in Named Data Networking

Abstract

Named Data Networking (NDN) is a new and attractive paradigm that has attracted broad interest in recent research as a potential alternative to the existing IP-based (host-based) Internet architecture. Security is explicitly considered one of the most critical issues in NDN. Although the NDN architecture is more resilient against most existing attacks, it can nevertheless be exploited to launch a DDoS attack. In such an attack, the attacker creates and transmits a large number of fake Interest packets to increase network congestion, causing NDN routers to drop legitimate Interests. This paper proposes a new technique to detect and mitigate DDoS attacks in NDN that relies on cooperation among NDN routers with the help of a centralized controller. The functionality of these routers depends on their positions inside the autonomous system (AS). The simulation results show that the suggested technique detects fake name prefixes effectively and precisely, and that it offers better performance than previously proposed techniques.



Funding

This study has been supported by Razi University, Kermanshah, Iran.

Author information

Corresponding author

Correspondence to Mahmood Ahmadi.

Ethics declarations

Ethical Approval

This paper does not include any studies with human partners or animals done by the authors.


Cite this article

Alhisnawi, M., Ahmadi, M. Detecting and Mitigating DDoS Attack in Named Data Networking. J Netw Syst Manage 28, 1343–1365 (2020). https://doi.org/10.1007/s10922-020-09539-8

Keywords

  • Named Data Networking Controller
  • Pending Interest Table
  • Distributed Denial of Service Attack
  • Interest Flooding Attack
  • Quotient based Cuckoo filter and Forwarding Information Base