MSIDN: Mitigation of Sophisticated Interest flooding-based DDoS attacks in Named Data Networking

Named Data Networking (NDN) is a promising candidate for Future Internet Architecture (FIA), where the focus of communication is the content itself rather than the source of the requested content. NDN is one of the implementations of Information-Centric Networking (ICN). Among other salient features, NDN provides intrinsic security where security is provided to the content directly, rather than securing the communication channel. However, despite promising features offered by NDN, it is still susceptible to various Denial of Service (DoS) attacks, mainly Interest Flooding Attacks (IFA). Various mitigation solutions exist in the literature; however, legitimate users and their traffic are usually affected by these solutions. In this paper, we propose a lightweight mechanism called MSIDN, to mitigate sophisticated interest flooding-based DoS and Distributed DoS (DDoS) attacks in NDN. MSIDN aims to mitigate attacks at the source of communication without affecting the legitimate users. MSIDN relies on data producers’ feedback which is used by the routers to employ precise rate-limiting and block the attackers. Extensive simulations were conducted to evaluate the proposed MSIDN in terms of its robustness during various attack scenarios, dealing with malicious traffic without affecting the legitimate requests, and mitigating attacks at the source side of the communication.