Interest flooding attack and countermeasures in Named Data Networking
Distributed Denial of Service (DDoS) attacks are an ongoing problem in today's Internet, where packets from a large number of compromised hosts thwart the paths to the victim site and/or overload the victim machines. In a newly proposed future Internet architecture, Named Data Networking (NDN),...
Saved in:
| Published in | 2013 IFIP Networking Conference pp. 1 - 9 |
|---|---|
| Main Authors | , , , , |
| Format | Conference Proceeding |
| Language | English |
| Published |
IFIP
01.05.2013
|
| Subjects | |
| Online Access | Get full text |
Cover
| Abstract | Distributed Denial of Service (DDoS) attacks are an ongoing problem in today's Internet, where packets from a large number of compromised hosts thwart the paths to the victim site and/or overload the victim machines. In a newly proposed future Internet architecture, Named Data Networking (NDN), end users request desired data by sending Interest packets, and the network delivers Data packets upon request only, effectively eliminating many existing DDoS attacks. However, an NDN network can be subject to a new type of DDoS attack, namely Interest packet flooding. In this paper we investigate effective solutions to mitigate Interest flooding. We show that NDN's inherent properties of storing per packet state on each router and maintaining flow balance (i.e., one Interest packet retrieves at most one Data packet) provides the basis for effective DDoS mitigation algorithms. Our evaluation through simulations shows that the solution can quickly and effectively respond and mitigate Interest flooding. |
|---|---|
| AbstractList | Distributed Denial of Service (DDoS) attacks are an ongoing problem in today's Internet, where packets from a large number of compromised hosts thwart the paths to the victim site and/or overload the victim machines. In a newly proposed future Internet architecture, Named Data Networking (NDN), end users request desired data by sending Interest packets, and the network delivers Data packets upon request only, effectively eliminating many existing DDoS attacks. However, an NDN network can be subject to a new type of DDoS attack, namely Interest packet flooding. In this paper we investigate effective solutions to mitigate Interest flooding. We show that NDN's inherent properties of storing per packet state on each router and maintaining flow balance (i.e., one Interest packet retrieves at most one Data packet) provides the basis for effective DDoS mitigation algorithms. Our evaluation through simulations shows that the solution can quickly and effectively respond and mitigate Interest flooding. |
| Author | Afanasyev, Alexander Moiseenko, Ilya Mahadevan, Priya Uzun, Ersin Lixia Zhang |
| Author_xml | – sequence: 1 givenname: Alexander surname: Afanasyev fullname: Afanasyev, Alexander email: afanasev@cs.ucla.edu organization: Univ. of California, Los Angeles, Los Angeles, CA, USA – sequence: 2 givenname: Priya surname: Mahadevan fullname: Mahadevan, Priya email: ersin.uzun@parc.com organization: Palo Alto Res. Center, Palo Alto, CA, USA – sequence: 3 givenname: Ilya surname: Moiseenko fullname: Moiseenko, Ilya email: iliamo@cs.ucla.edu organization: Univ. of California, Los Angeles, Los Angeles, CA, USA – sequence: 4 givenname: Ersin surname: Uzun fullname: Uzun, Ersin email: priya.mahadevan@parc.com organization: Palo Alto Res. Center, Palo Alto, CA, USA – sequence: 5 surname: Lixia Zhang fullname: Lixia Zhang email: lixia@cs.ucla.edu organization: Univ. of California, Los Angeles, Los Angeles, CA, USA |
| BookMark | eNotj89KAzEYxFNQqK19Ai95gYX8cbPJsdSqhVIvvZcvyRcJ7SZlkyK-vRFlDnOY3wzMgtylnHBGFtIwrrXoezknq1KiZUIN6pkr-UC2u1RxwlJpuOTsY_qkUCu4M4Xkqcu333hEKLcG0ZjoAUb09AUq0APWrzydW-eR3Ae4FFz9-5IcX7fHzXu3_3jbbdb7LhpWO2G5M8E6HMSgwTnLvdLOgA2eBTX4Ju0lU4Z7yxigASkENr73wgrgckme_mYjIp6uUxxh-j4ppWTfzvwAcUhHdg |
| ContentType | Conference Proceeding |
| DBID | 6IE 6IL CBEJK RIE RIL |
| DatabaseName | IEEE Electronic Library (IEL) Conference Proceedings IEEE Xplore POP ALL IEEE Xplore All Conference Proceedings IEEE Electronic Library (IEL) IEEE Proceedings Order Plans (POP All) 1998-Present |
| DatabaseTitleList | |
| Database_xml | – sequence: 1 dbid: RIE name: IEEE Electronic Library (IEL) url: https://proxy.k.utb.cz/login?url=https://ieeexplore.ieee.org/ sourceTypes: Publisher |
| DeliveryMethod | fulltext_linktorsrc |
| EISBN | 3901882553 9783901882555 |
| EndPage | 9 |
| ExternalDocumentID | 6663516 |
| Genre | orig-research |
| GroupedDBID | 6IE 6IL ALMA_UNASSIGNED_HOLDINGS CBEJK RIB RIC RIE RIL |
| ID | FETCH-LOGICAL-i90t-2b1c9fbce7278accb1d68c9abfd0f67d7d78d30691db00ae9a322ebce5d2b2a13 |
| IEDL.DBID | RIE |
| IngestDate | Wed Dec 20 05:18:46 EST 2023 |
| IsPeerReviewed | false |
| IsScholarly | false |
| Language | English |
| LinkModel | DirectLink |
| MergedId | FETCHMERGED-LOGICAL-i90t-2b1c9fbce7278accb1d68c9abfd0f67d7d78d30691db00ae9a322ebce5d2b2a13 |
| PageCount | 9 |
| ParticipantIDs | ieee_primary_6663516 |
| PublicationCentury | 2000 |
| PublicationDate | 2013-May |
| PublicationDateYYYYMMDD | 2013-05-01 |
| PublicationDate_xml | – month: 05 year: 2013 text: 2013-May |
| PublicationDecade | 2010 |
| PublicationTitle | 2013 IFIP Networking Conference |
| PublicationTitleAbbrev | IFIPNetworking |
| PublicationYear | 2013 |
| Publisher | IFIP |
| Publisher_xml | – name: IFIP |
| SSID | ssib026764163 |
| Score | 1.9856275 |
| Snippet | Distributed Denial of Service (DDoS) attacks are an ongoing problem in today's Internet, where packets from a large number of compromised hosts thwart the... |
| SourceID | ieee |
| SourceType | Publisher |
| StartPage | 1 |
| SubjectTerms | Algorithm design and analysis Computer crime denial-of-service Information-centric networks Internet IP networks named-data networking Routing protocols YouTube |
| Title | Interest flooding attack and countermeasures in Named Data Networking |
| URI | https://ieeexplore.ieee.org/document/6663516 |
| hasFullText | 1 |
| inHoldings | 1 |
| isFullTextHit | |
| isPrint | |
| link | http://utb.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwjV09T8MwELXaTkyAWsS3PDCSUiepY8_QqkKiYihSt-psn6WqUorAXfj1PTttEYgBebHsJFYc-9758u6OsbshyV0n6VgycMJnJRaQQWWKzClLYK-xUC5F-5zKyVv5PB_OW-z-4AuDiIl8hv1YTf_y3dpuoqnsQUZ4FLLN2lWlG1-t_drJZSWjbvEjSUrCiPExe9k_vaGGrPqbYPr261fgxf8Of8J63954_PWAM6eshXWXjZIpj0Q695F6Th0cQgC74lA7njJAkMxtDICffFnzKRDu8ScIwKcN9Zvu6bHZeDR7nGS7lAjZUg9ClhthtTcWSetQYK0RTiqrwXg38LJyVJSjQ4AWjrYToAbar0jXD11uchDFGevU6xrPGXcorDFaeG-q0iqplTFgS6OwJIW7lBesG2dg8d4EvVjsXv7y7-YrdpSnPBGRCXjNOuFjgzeE1sHcps-0BQ6InAk |
| linkProvider | IEEE |
| linkToHtml | http://utb.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwjV07T8MwED6VMsAEqEW88cBISp2HY8_QqkAbMRSpW-VXpKpSisBZ-PWcnbYIxICyWHnJTuz77s7f3QHcZCh3DUOzpG9oGaU2kZHMVRIZrhHshU24Cdk-CzZ6TZ9m2awFt9tYGGttIJ_Znm-GvXyz0rV3ld0xD4-U7cBuhlZF3kRrbWZPzHLmtYsfZVICSgwPYLJ5f0MOWfZqp3r681fqxf924BC63_F45GWLNEfQslUHBsGZh0KdlJ58jheIdE7qJZGVIaEGBErdxgX4QRYVKSQiH3mQTpKiIX_jM12YDgfT-1G0LooQLUTfRbGiWpRKW9Q7uNRaUcO4FlKVpl-y3ODBDZoBghpcUNIKiSvW4v2ZiVUsaXIM7WpV2RMgxlKtlKBlqfJUcya4UlKnitsUVe6UnULHf4H5W5P2Yr4e_Nnfp69hbzSdjOfjx-L5HPbjUDXC8wIvoO3ea3uJ2O3UVfhlX2xpn1o |
| openUrl | ctx_ver=Z39.88-2004&ctx_enc=info%3Aofi%2Fenc%3AUTF-8&rfr_id=info%3Asid%2Fsummon.serialssolutions.com&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=proceeding&rft.title=2013+IFIP+Networking+Conference&rft.atitle=Interest+flooding+attack+and+countermeasures+in+Named+Data+Networking&rft.au=Afanasyev%2C+Alexander&rft.au=Mahadevan%2C+Priya&rft.au=Moiseenko%2C+Ilya&rft.au=Uzun%2C+Ersin&rft.date=2013-05-01&rft.pub=IFIP&rft.spage=1&rft.epage=9&rft.externalDocID=6663516 |