Detecting and Mitigating DDoS Attack in Named Data Networking
Mohammad Alhisnawi¹ · Mahmood Ahmadi¹
Received: 4 December 2019 / Revised: 5 May 2020 / Accepted: 14 May 2020
© Springer Science+Business Media, LLC, part of Springer Nature 2020
Abstract Named Data Networking (NDN) is a new and attractive paradigm that has attracted broad interest in recent research as a potential alternative to the existing IP-based (host-based) Internet architecture. Security is considered explicitly as one of the most critical issues in NDN. Although the NDN architecture is more resilient against most existing attacks, it can nevertheless be exploited to launch a DDoS attack. In a DDoS attack, the attacker tries to create and transmit a large number of fake Interest packets to increase network congestion and thus cause NDN routers to drop legitimate Interests. This paper proposes a new technique to detect and mitigate DDoS attacks in NDN that depends on cooperation among NDN routers with the help of a centralized controller. The functionality of these routers depends on their positions inside the autonomous system (AS). The simulation results show that the suggested technique is effective and precise in detecting fake name prefixes, and that it offers better performance than previously proposed ones.
Keywords Named Data Networking Controller · Pending Interest Table · Distributed Denial of Service Attack · Interest Flooding Attack · Quotient based Cuckoo filter and Forwarding Information Base
* Mahmood Ahmadi
Mohammad Alhisnawi
¹ Department of Computer Engineering and Information Technology, Razi University, Kermanshah, Iran
Journal of Network and Systems Management
1 Introduction
With the rapid growth of modern information technologies, the practical use of the Internet has shifted from communication between hosts with exact locators to a global platform for content or service distribution. To keep pace with this trend, Named Data Networking (NDN) has emerged and become one of the most important alternatives for next-generation Internet technologies. NDN uses named data rather than Internet Protocol (IP) addresses as the “waist” of the Internet, where service and content distribution are more important than communications, in line with the new trend of modern networking technologies [1]. The most critical requirements for NDN are privacy and security. Distributed Denial of Service (DDoS) attacks in the existing Internet architecture exhaust the resources of a remote host or network, thereby minimizing the service level to legitimate users. These kinds of attacks represent the most serious security issues because they are easy to carry out, difficult to restrain, and hard to detect. Consequently, NDN’s resilience to these kinds of attacks gets our undivided interest. Although the architecture of NDN offers higher privacy and security support than the existing Internet, DDoS attacks can