Lixia Zhao, Guang Cheng, Xiaoyan Hu, Hua Wu, J. Gong, Wang Yang, Chengyu Fan
Published in: 2018 1st IEEE International Conference on Hot Information-Centric Networking (HotICN), 2018-08-01. DOI: 10.1109/HOTICN.2018.8605965 (https://doi.org/10.1109/HOTICN.2018.8605965)
An Insightful Experimental Study of a Sophisticated Interest Flooding Attack in NDN
NDN (Named Data Networking), a promising next-generation architecture, puts named content in the first place of the network and is resilient to many existing DDoS attacks. However, the Interest Flooding Attack (IFA), a typical NDN-specific DDoS attack, has been widely recognized as a serious threat to the development of NDN. The existing countermeasures against IFA mainly target the scenario in which attackers send spoofed Interests at a fairly high rate and intermediate routers near the attackers can detect the attack by themselves in a timely manner. Instead, this work focuses on a more sophisticated scenario in which carefully crafted attackers send Interests at a relatively lower rate at the beginning but gradually speed up to keep the victims’ PIT sizes increasing, eventually depleting the PIT resource for legitimate users. We conduct an insightful experimental study of such sophisticated IFAs on a real-world network topology, and our experimental results demonstrate that the statistics of intermediate routers near the attackers change more gradually and slightly in such an attack, which makes it more difficult for an intermediate router near the attackers to detect the attack by itself. Based on the analytical results of this study, we discuss a potential detection and countermeasure mechanism against such a sophisticated IFA in which a central controller monitors the network from a global view.