An Insightful Experimental Study of a Sophisticated Interest Flooding Attack in NDN

Lixia Zhao, Guang Cheng, Xiaoyan Hu, Hua Wu, J. Gong, Wang Yang, Chengyu Fan
2018 1st IEEE International Conference on Hot Information-Centric Networking (HotICN)
Publication date: 2018-08-01
DOI: 10.1109/HOTICN.2018.8605965 (https://doi.org/10.1109/HOTICN.2018.8605965)
Citations: 5

Abstract

NDN (Named Data Networking), a promising next-generation architecture, puts named content at the center of the network and is resilient to many existing DDoS attacks. However, the Interest Flooding Attack (IFA), a typical NDN-specific DDoS attack, has been widely recognized as a serious threat to the development of NDN. Existing countermeasures against IFA mainly target the scenario in which attackers send spoofed Interests at a fairly high rate and intermediate routers near the attackers can detect the attack in a timely manner by themselves. Instead, this work focuses on a more sophisticated scenario in which carefully crafted attackers send Interests at a relatively lower rate at the beginning but gradually speed up, keeping the victims' PIT sizes increasing until the PIT resource for legitimate users is eventually depleted. We conduct an insightful experimental study of such sophisticated IFAs on a real-world network topology, and our experimental results demonstrate that the statistics of intermediate routers near the attackers change more gradually and slightly in such an attack, which makes it more difficult for an intermediate router near the attackers to detect the attack by itself. Based on the analytical results of this study, we discuss a potential detection and countermeasure mechanism against such a sophisticated IFA, in which a central controller monitors the network from a global view.