CBIDM: Controller Based Intelligent Detection and Mitigation Approach for Interest Flooding Attack in Named Data Networking

CBIDM: Controller Based Intelligent Detection and Mitigation Approach for Interest Flooding Attack in Named Data Networking

연구 분야: Networking

학회: SN Computer Science

Named Data Networking (NDN) aims to fix the flaws of TCP/IP networks. NDN ensures provenance and integrity by requiring publishers to sign each content, which consumers can verify. This makes NDN more secure than TCP/IP. However, NDN is prone to Interest Flooding Attacks (IFA). In IFA, attackers fill the Pending Interest Tables (PITs) of NDN routers with fake entries by requesting non-existent content. Many methods have been proposed to counter IFA. Most of these methods rely on statistical thresholds, which reduce detection accuracy. Our previous work showed that using machine learning improves IFA detection accuracy. This paper introduces a Controller-Based Intelligent Detection and Mitigation (CBIDM) approach for online IFA detection. It deploys a trained Artificial Neural Network (ANN) detector on NDN routers. Additionally, a traceback-based mitigation method is applied using a central controller. The controller collects topology and attack data from each router. Routers then use this data for IFA mitigation. The proposed approach is more efficient than existing methods in terms of data packets received and satisfaction ratio.