Named Data Networking (NDN) is a promising candidate for Future Internet Architecture (FIA), wherethe focus of communication is the content itself rather than the source of the requested content.NDN is one of the implementations of Information-Centric Networking (ICN). Among other salientfeatures, NDN provides intrinsic security where security is provided to the content directly, ratherthan securing the communication channel. However, despite promising features offered by NDN, itis still susceptible to various Denial of Service (DoS) attacks, mainly Interest Flooding Attacks (IFA).Various mitigation solutions exist in the literature; however, legitimate users and their traffic areusuallyaffectedbythesesolutions.Inthispaper,weproposealightweightmechanismcalledMSIDN,tomitigate sophisticated interest flooding-based DoS and Distributed DoS (DDoS) attacks in NDN. MSIDNaims to mitigate attacks at the source of communication without affecting the legitimate users. MSIDNrelies on data producers’ feedback which is used by the routers to employ precise rate-limiting andblock the attackers. Extensive simulations were conducted to evaluate the proposed MSIDN in termsof its robustness during various attack scenarios, dealing with malicious traffic without affecting thelegitimate requests, and mitigating attacks at the source side of the communication.
- Named Data Networking
- Denial-of-Service attacks
- Interest Flooding Attack
- NDN Security
Benmousa, A., Tahari, A. E. K., Kerrache, C. A., Lagraa, N., Lakas, A., Hussain, R., & Ahmad, F. (2020). MSIDN: Mitigation of Sophisticated Interest flooding-based DDoS attacks in Named Data Networking. Future Generation Computer Systems, 107, 293-306. https://doi.org/10.1016/j.future.2020.01.043