Detection Method Of New CIFA Attack In Named Data Networking

The collusive interest flooding attacks is a new type of DDo S attack for named data networking.By periodically sending short-term and high-speed attack interest packets,the attacker can effectively reduce the number of data packets received by the victim user with the assistance of the collusive producer.Because the average rate of sending attack packets from CIFA attacks is low,the CIFA attacks are more covert.The existing detection methods for attacks such as IFA were unable to detect collusion interest packets hidden in a large number of normal Interest packets in the network.Therefore,it has a lower detection rate and a higher false alarm rate.This paper studies the threats of CIFA attack on the network,and proposes detection methods for CIFA attacks.The main research focuses include three aspects: First,on the basis of analyzing the network characteristics of CIFA attacks on network throughput and PIT occupancy rate,an attack detection algorithm based on a combination of rolling time window and confidence interval is proposed.The algorithm uses the rolling time window and confidence interval to dynamically adjust the baseline of the normal network and detect the network status in real time.In order to reduce the malicious impact of CIFA attack on the network,the defense scheme of this paper is to manage the PIT space.Second,to further improve the CIFA attack mode,an improved collusive interest flooding I-CIFA(Improved CIFA)attack is proposed.I-CIFA attacks increase the effectiveness of attacks on larger network topologies.Tests show that I-CIFA attacks can cause routing nodes in the entire network topology to discard a large number of legitimate interest packets.Thirdly,this paper analyzes the different influence of I-CIFA attack on the routing nodes in different locations in the network.Combining with the existing network characteristics,the network characteristics based on the CS table are proposed.By collecting network features of different granularity and building sample set,this paper uses Pearson Coefficient to verify the correlation between the selected features and network state.Finally,the random forest algorithm after parameter tuning is used to detect the network status of NDN in real time and compare with existing algorithms.The experimental results show that the detection method based on random forest has good detection performance.