MSIDN: Mitigation of Sophisticated Interest flooding-based DDoS attacks in Named Data Networking

Ahmed Benmoussa, Abdou el Karim Tahari, Chaker Abdelaziz Kerrache, Nasreddine Lagraa, Abderrahmane Lakas, Rasheed Hussain, Farhan Ahmad

Research output: Contribution to journalArticlepeer-review

28 Citations (Scopus)

Abstract

Named Data Networking (NDN) is a promising candidate for Future Internet Architecture (FIA), where the focus of communication is the content itself rather than the source of the requested content. NDN is one of the implementations of Information-Centric Networking (ICN). Among other salient features, NDN provides intrinsic security where security is provided to the content directly, rather than securing the communication channel. However, despite promising features offered by NDN, it is still susceptible to various Denial of Service (DoS) attacks, mainly Interest Flooding Attacks (IFA). Various mitigation solutions exist in the literature; however, legitimate users and their traffic are usually affected by these solutions. In this paper, we propose a lightweight mechanism called MSIDN, to mitigate sophisticated interest flooding-based DoS and Distributed DoS (DDoS) attacks in NDN. MSIDN aims to mitigate attacks at the source of communication without affecting the legitimate users. MSIDN relies on data producers’ feedback which is used by the routers to employ precise rate-limiting and block the attackers. Extensive simulations were conducted to evaluate the proposed MSIDN in terms of its robustness during various attack scenarios, dealing with malicious traffic without affecting the legitimate requests, and mitigating attacks at the source side of the communication.

Original languageEnglish
Pages (from-to)293-306
Number of pages14
JournalFuture Generation Computer Systems
Volume107
Early online date12 Feb 2020
DOIs
Publication statusPublished - 1 Jun 2020
Externally publishedYes

Cite this