Mitigate DDoS attacks in NDN by interest traceback

@article{Dai2013MitigateDA,
  title={Mitigate DDoS attacks in NDN by interest traceback},
  author={Huichen Dai and Yi Wang and Jindou Fan and Bin Liu},
  journal={2013 IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS)},
  year={2013},
  pages={381-386}
}
  • Huichen Dai, Y. Wang, +1 author B. Liu
  • Published 14 April 2013
  • Computer Science
  • 2013 IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS)
Current Internet is reaching the limits of its capabilities due to its function transition from host-to-host communication to content dissemination. Named Data Networking (NDN) - an instantiation of Content-Centric Networking approach, embraces this shift by stressing the content itself, rather than where it locates. NDN tries to provide better security and privacy than current Internet does, and resilience to Distributed Denial of Service (DDoS) is a significant issue. In this paper, we… 
Poseidon: Mitigating interest flooding DDoS attacks in Named Data Networking
TLDR
It is shown that an adversary with limited resources can implement such attack, having a significant impact on network performance, and Poseidon is introduced: a framework for detecting and mitigating interest flooding attacks.
Detecting and Mitigating DDoS Attack in Named Data Networking
TLDR
A new technique to detect and mitigate DDoS attacks in NDN that depends on cooperation among NDN routers with the help of a centralized controller is proposed and offers better performance compared with the previously proposed ones.
Expect More from the Networking: DDoS Mitigation by FITT in Named Data Networking
TLDR
It is argued that NDN's architectural changes can make DDoS attacks fundamentally more difficult to launch and less effective, and FITT offers an incrementally deployable solution for service providers to effectuate the application-level remediation at the sources, which remains unattainable in today's DDoS market.
MSIDN: Mitigation of Sophisticated Interest flooding-based DDoS attacks in Named Data Networking
TLDR
A lightweight mechanism called MSIDN is proposed, to mitigate sophisticated interest flooding-based DoS and Distributed DoS attacks in NDN, which relies on data producers’ feedback which is used by the routers to employ precise rate-limiting and block the attackers.
Advanced interest flooding attacks in named-data networking
TLDR
This work proposes a more complete attack model and designs an advanced IFA, and shows the efficiency of this novel attack scheme by extensively assessing some of the state-of-the-art countermeasures.
Interest Flooding Attack in Named Data Networking: A Survey
TLDR
This survey paper focuses on different types of possible distributed denial-of-service (DDoS) attacks and addresses Interest flooding, where an adversary with limited resources can implement this attack and significantly impact the network performance, and their proposed countermeasures.
Decoupling malicious Interests from Pending Interest Table to mitigate Interest Flooding Attacks
TLDR
Simulation results show DPE can significantly mitigate the damage effect of IFA on exhausting PIT's memory resource, and is the first attempt to design a security management mechanism embedding with the idea “decoupling malicious Interests from PIT” to counter IFA.
Theil-Based Countermeasure against Interest Flooding Attacks for Named Data Networks
TLDR
A TC is proposed to detect the distributions of normal and malicious interest packets in the NDN routers to further identify the IFA and the results show the efficiency of the TC for mitigating the IFAs and its advantages over other typical IFA countermeasures.
ChoKIFA+: an early detection and mitigation approach against interest flooding attacks in NDN
TLDR
A novel mechanism for IFA detection and mitigation, aimed at decreasing the memory consumption of the PIT by effectively reducing the malicious traffic that passes through each NDN router and provides an additional security wall on the edges of the network.
Evaluating and mitigating a Collusive version of the Interest Flooding Attack in NDN
  • H. Salah, T. Strufe
  • Computer Science
    2016 IEEE Symposium on Computers and Communication (ISCC)
  • 2016
TLDR
A generic defence mechanism against interest flooding attacks is developed, based on CoMon, the framework for coordination in NDN, and it is shown that the amount of dropped legitimate packets is remarkably decreased, incurring a very low signalling overhead.

References

SHOWING 1-10 OF 19 REFERENCES
DoS & DDoS in Named Data Networking
TLDR
This paper focuses on DoS in Named Data Networking (NDN), a specific candidate for next-generation Internet architecture designs, and investigates their variations, effects and counter-measures after identifying and analyzing several new types of attacks.
On Pending Interest Table in Named Data Networking
TLDR
A thorough study of PIT is presented and a Name Component Encoding (NCE) solution is proposed to shrink PIT size and accelerate PIT access operations, which meets the NDN design and eliminates the cumbersome synchronization problem among multiple PITs on the line-cards.
Backscatter from the data plane - Threats to stability and security in information-centric network infrastructure
TLDR
Threats to the stability and security of the content distribution system are analyzed in theory, simulations, and practical experiments, and it is suggested that major architectural refinements are required prior to global ICN deployment in the real world.
Non-intrusive IP traceback for DDoS attacks
TLDR
A Non-Intrusive IP traceback scheme which uses sampled traffic under non-attack conditions to build and maintain caches of the valid source addresses transiting network routers, allowing for a fast traceback, and the scheme is scalable due to the distribution of processing workload.
Security & Scalability of Content-Centric Networking
TLDR
This thesis analyses the architecture proposed by Content-Centric Networking from a security perspective and shows how attackers can leverage these caches to monitor what content its users are retrieving.
Network support for IP traceback
TLDR
A general purpose traceback mechanism based on probabilistic packet marking in the network that allows a victim to identify the network path(s) traversed by attack traffic without requiring interactive operational support from Internet Service Providers (ISPs).
Practical network support for IP traceback
TLDR
A general purpose traceback mechanism based on probabilistic packet marking in the network that allows a victim to identify the network path(s) traversed by attack traffic without requiring interactive operational support from Internet Service Providers (ISPs).
Network Ingress Filtering: Defeating Denial of Service Attacks which employ IP Source Address Spoofing
TLDR
A simple, effective, and straightforward method for using ingress traffic filtering to prohibit DoS attacks which use forged IP addresses to be propagated from 'behind' an Internet Service Provider's (ISP) aggregation point is discussed.
Defending against denial of service attacks in Scout
TLDR
The paper describes the Escort architecture and its implementation in Scout, and reports a collection of experiments that measure the costs and benefits of using Escort to protect a web server from denial of service attacks.
Networking named content
TLDR
Content-Centric Networking (CCN) is presented which uses content chunks as a primitive---decoupling location from identity, security and access, and retrieving chunks of content by name, and simultaneously achieves scalability, security, and performance.