SLP: A Secure and Lightweight Scheme Against Content Poisoning Attacks in Named Data Networking Based on Probing

IF 3 3区计算机科学 Q2 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE

IEEE/ACM Transactions on Networking Pub Date : 2024-09-05 DOI:10.1109/TNET.2024.3451231

Kunpeng Ding;Jiayu Yang;Kaiping Xue;Jiangping Han;Jian Li;Qibin Sun;Jun Lu

{"title":"SLP: A Secure and Lightweight Scheme Against Content Poisoning Attacks in Named Data Networking Based on Probing","authors":"Kunpeng Ding;Jiayu Yang;Kaiping Xue;Jiangping Han;Jian Li;Qibin Sun;Jun Lu","doi":"10.1109/TNET.2024.3451231","DOIUrl":null,"url":null,"abstract":"Named Data Networking (NDN) stands out as a promising Information Centric Networking architecture capable of facilitating large-scale content distribution through in-network caching and location-independent data access. However, attackers can easily inject poisoned content into the network, called content poisoning attacks, which leads to a substantial deterioration in user experience and transmission efficiency. In existing schemes, routers fail to determine the contamination source of received poisoned content, leading to the inability to accurately identify attacker nodes. Besides, attackers’ dynamic behaviors and network instability could disrupt identification results. In this paper, we propose a Secure and Lightweight scheme against content poisoning attacks based on Probing (SLP), where a proactive and reliable probing protocol is designed to identify adversaries quickly and precisely. In SLP, a router sends specifically chosen interest packets to probe a suspicious node, so that the returned corresponding content can straightly reflect its trustworthiness without other nodes’ interference. In addition, a hypothesis testing algorithm is developed to analyze the returned content, which can exclude the impact of transmission errors and adapt to dynamic attackers. Moreover, we utilize users’ feedback to avoid unnecessary probing costs on unaffected routers, with its reliability guaranteed by an efficient cuckoo-filter-based feedback validation mechanism. Security analysis shows that SLP achieves resistance against content poisoning attacks and malicious feedback. The experimental results demonstrate that SLP makes users hardly be affected by attacks and brings in only slight overhead.","PeriodicalId":13443,"journal":{"name":"IEEE/ACM Transactions on Networking","volume":"32 6","pages":"5128-5143"},"PeriodicalIF":3.0000,"publicationDate":"2024-09-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"IEEE/ACM Transactions on Networking","FirstCategoryId":"94","ListUrlMain":"https://ieeexplore.ieee.org/document/10666821/","RegionNum":3,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q2","JCRName":"COMPUTER SCIENCE, HARDWARE & ARCHITECTURE","Score":null,"Total":0}

引用次数: 0

Abstract

Named Data Networking (NDN) stands out as a promising Information Centric Networking architecture capable of facilitating large-scale content distribution through in-network caching and location-independent data access. However, attackers can easily inject poisoned content into the network, called content poisoning attacks, which leads to a substantial deterioration in user experience and transmission efficiency. In existing schemes, routers fail to determine the contamination source of received poisoned content, leading to the inability to accurately identify attacker nodes. Besides, attackers’ dynamic behaviors and network instability could disrupt identification results. In this paper, we propose a Secure and Lightweight scheme against content poisoning attacks based on Probing (SLP), where a proactive and reliable probing protocol is designed to identify adversaries quickly and precisely. In SLP, a router sends specifically chosen interest packets to probe a suspicious node, so that the returned corresponding content can straightly reflect its trustworthiness without other nodes’ interference. In addition, a hypothesis testing algorithm is developed to analyze the returned content, which can exclude the impact of transmission errors and adapt to dynamic attackers. Moreover, we utilize users’ feedback to avoid unnecessary probing costs on unaffected routers, with its reliability guaranteed by an efficient cuckoo-filter-based feedback validation mechanism. Security analysis shows that SLP achieves resistance against content poisoning attacks and malicious feedback. The experimental results demonstrate that SLP makes users hardly be affected by attacks and brings in only slight overhead.

查看原文本刊更多论文

SLP：一种基于探测的安全轻量级方案，用于防范命名数据网络中的内容中毒攻击

命名数据网络（NDN）作为一种很有前途的以信息为中心的网络架构脱颖而出，能够通过网络内缓存和位置无关的数据访问促进大规模内容分发。然而，攻击者很容易将有毒的内容注入网络，称为内容中毒攻击，导致用户体验和传播效率大幅下降。在现有的方案中，路由器无法确定收到的有毒内容的污染源，导致无法准确识别攻击者节点。此外，攻击者的动态行为和网络的不稳定性也会破坏识别结果。在本文中，我们提出了一种基于探测（SLP）的安全轻量级的内容中毒攻击方案，其中设计了一个主动可靠的探测协议来快速准确地识别对手。在SLP中，路由器发送特定选择的兴趣包来探测可疑节点，这样返回的相应内容可以直接反映该节点的可信度，不受其他节点的干扰。此外，提出了一种假设检验算法对返回内容进行分析，可以排除传输错误的影响，适应动态攻击者。此外，我们利用用户的反馈来避免在未受影响的路由器上不必要的探测成本，并通过有效的基于杜鹃滤波器的反馈验证机制来保证其可靠性。安全性分析表明，SLP可以抵抗内容中毒攻击和恶意反馈。实验结果表明，SLP使用户几乎不受攻击的影响，只带来很小的开销。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

IEEE/ACM Transactions on Networking 工程技术-电信学

CiteScore

8.20

自引率

5.40%

发文量

246

审稿时长

4-8 weeks

期刊介绍： The IEEE/ACM Transactions on Networking’s high-level objective is to publish high-quality, original research results derived from theoretical or experimental exploration of the area of communication/computer networking, covering all sorts of information transport networks over all sorts of physical layer technologies, both wireline (all kinds of guided media: e.g., copper, optical) and wireless (e.g., radio-frequency, acoustic (e.g., underwater), infra-red), or hybrids of these. The journal welcomes applied contributions reporting on novel experiences and experiments with actual systems.