
Research On Proactive Defense Mechanism Against Interest Flooding Attack In Named Data Networking

Posted on: 2020-02-10
Degree: Master
Type: Thesis
Country: China
Candidate: F Zhang
GTID: 2428330590971675
Subject: Electronic and communication engineering
Abstract/Summary:

Named Data Networking (NDN) is a representative architecture of the future Internet. Its name-based routing and in-network caching mechanism make the distributed denial of service (DDoS) attack against a specific host in the IP network ineffective. However, the publish-subscribe communication mode and stateful forwarding have introduced a new DDoS attack: the Interest Flooding Attack (IFA). At present, most research on IFA focuses on passive defense, which can only mitigate the harm caused by the attack after it occurs and cannot contain IFA at the source. This thesis aims to explore a proactive defense mechanism that increases the difficulty of launching IFAs, and to detect IFA with the help of a neural network. The main work and innovations of this thesis are as follows:

1. To address the problem that the current NDN architecture lacks authentication for users, this thesis proposes an anonymous authentication method for users. The method uses the identity-based encryption algorithm and the identity-based signature algorithm of Identity Based Cryptography to realize network-to-user authentication while protecting the user's private information from being leaked. The simulation results show that the authentication method can increase the difficulty of launching IFAs and effectively prevent invalid requests from entering the network.

2. To address the issue that window-based detection schemes for IFA cannot detect continuous attacks, this thesis proposes a new detection method, which is based on a back propagation neural network algorithm optimized by particle swarm optimization and is combined with a malicious prefix recognition method based on Gini impurity. The method can provide better protection for legitimate users' requests. The simulation results show that the method can accurately detect IFA: the true positive rate is higher than 91.0%, and the false positive rate is lower than 5.71%.

3. After detecting the occurrence of the IFA, the router extracts the identity of the malicious user who initiated the attack. The Interest Traceback method is used to add the malicious users' identity to the edge gateways' blacklist, so that the malicious request is prohibited from entering the network at the source. A hybrid proactive defense scheme for IFA is formed by combining the user authentication method with the IFA detection method based on the back propagation neural network algorithm optimized by particle swarm optimization. The simulation results show that the proactive defense method can defend against IFA more effectively, and the requests of legitimate users will not be affected.
Keywords/Search Tags: Named Data Networking, Interest Flooding Attack, Identity Based Cryptography, Particle Swarm Optimization, Back Propagation Neural Network