Evaluating and Mitigating Malicious Data Aggregates in Named Data Networking

  • Wang, Kai (School of Computer and Control Engineering, Yantai University)
  • Bao, Wei (School of Architecture, Yantai University)
  • Wang, Yingjie (School of Computer and Control Engineering, Yantai University)
  • Tong, Xiangrong (School of Computer and Control Engineering, Yantai University)
  • Received: 2016.07.26
  • Accepted: 2017.06.02
  • Published: 2017.09.30

Abstract

Named Data Networking (NDN) has emerged as one of the most promising architectures for the future Internet. However, like the traditional IP-based networking paradigm, NDN may not evade some typical network threats such as malicious data aggregates (MDA), which may lead to bandwidth exhaustion, traffic congestion and router overload. This paper first analyzes the damage effect of MDA using realistic simulations in a large-scale network topology, showing that it is not just theoretical, and then designs a fine-grained MDA mitigation mechanism (MDAM) based on cooperation between routers via alert messages. Simulation results show that MDAM can significantly reduce the Pending Interest Table overload in the involved routers, and yield a normal data-returning rate and data-retrieval delay.
