TY - JOUR
T1 - MSIDN
T2 - Mitigation of Sophisticated Interest flooding-based DDoS attacks in Named Data Networking
AU - Benmoussa, Ahmed
AU - Tahari, Abdou el Karim
AU - Kerrache, Chaker Abdelaziz
AU - Lagraa, Nasreddine
AU - Lakas, Abderrahmane
AU - Hussain, Rasheed
AU - Ahmad, Farhan
N1 - Publisher Copyright:
© 2020 Elsevier B.V.
PY - 2020/6/1
Y1 - 2020/6/1
N2 - Named Data Networking (NDN) is a promising candidate for Future Internet Architecture (FIA), where the focus of communication is the content itself rather than the source of the requested content. NDN is one of the implementations of Information-Centric Networking (ICN). Among other salient features, NDN provides intrinsic security where security is provided to the content directly, rather than securing the communication channel. However, despite promising features offered by NDN, it is still susceptible to various Denial of Service (DoS) attacks, mainly Interest Flooding Attacks (IFA). Various mitigation solutions exist in the literature; however, legitimate users and their traffic are usually affected by these solutions. In this paper, we propose a lightweight mechanism called MSIDN, to mitigate sophisticated interest flooding-based DoS and Distributed DoS (DDoS) attacks in NDN. MSIDN aims to mitigate attacks at the source of communication without affecting the legitimate users. MSIDN relies on data producers’ feedback which is used by the routers to employ precise rate-limiting and block the attackers. Extensive simulations were conducted to evaluate the proposed MSIDN in terms of its robustness during various attack scenarios, dealing with malicious traffic without affecting the legitimate requests, and mitigating attacks at the source side of the communication.
AB - Named Data Networking (NDN) is a promising candidate for Future Internet Architecture (FIA), where the focus of communication is the content itself rather than the source of the requested content. NDN is one of the implementations of Information-Centric Networking (ICN). Among other salient features, NDN provides intrinsic security where security is provided to the content directly, rather than securing the communication channel. However, despite promising features offered by NDN, it is still susceptible to various Denial of Service (DoS) attacks, mainly Interest Flooding Attacks (IFA). Various mitigation solutions exist in the literature; however, legitimate users and their traffic are usually affected by these solutions. In this paper, we propose a lightweight mechanism called MSIDN, to mitigate sophisticated interest flooding-based DoS and Distributed DoS (DDoS) attacks in NDN. MSIDN aims to mitigate attacks at the source of communication without affecting the legitimate users. MSIDN relies on data producers’ feedback which is used by the routers to employ precise rate-limiting and block the attackers. Extensive simulations were conducted to evaluate the proposed MSIDN in terms of its robustness during various attack scenarios, dealing with malicious traffic without affecting the legitimate requests, and mitigating attacks at the source side of the communication.
KW - Denial-of-Service attacks
KW - Interest Flooding Attack
KW - Named Data Networking
KW - NDN Security
UR - http://www.scopus.com/inward/record.url?scp=85079189221&partnerID=8YFLogxK
U2 - 10.1016/j.future.2020.01.043
DO - 10.1016/j.future.2020.01.043
M3 - Article
AN - SCOPUS:85079189221
VL - 107
SP - 293
EP - 306
JO - Future Generation Computer Systems
JF - Future Generation Computer Systems
SN - 0167-739X
ER -