| As a typical Information-Centric Networking(ICN)framework,Named Data Networking(NDN)is under threat of interest flooding attack(IFA)and conspiracy interest flooding attack(CIFA).The existing feature-based detection and defense methods have the problem of using a single feature,which leads to low detection rate and unable to identify the attack types effectively.Aiming at the problems existing in the existing detection and defense methods,two aspects of research are carried out in this paper.First,the association rule based Apriori algorithm and decision tree ID3 algorithm are used to jointly detect attacks in NDN.This method firstly analyzes the content cache(CS)information of routing nodes in NDN network,and mines a new feature of CS "Cache growth rate" to increase the detection basis.Association rule algorithm is used to combine the newly mined detection features with the known detection features to find the correlation between the multiple features and input the results into the decision tree algorithm.The attack was detected successfully by decision tree algorithm.Secondly,a network traffic classification method based on K-means clustering algorithm is proposed.On the basis of mining new features,the unsupervised clustering algorithm K-means clustering algorithm is used to classify the normal network state,IFA and CIFA in NDN.In this method,packet drop rate,interest satisfaction and CS packet growth rate are taken as the characteristic index of clustering classification,and the attacks in NDN are analyzed and detected through clustering research.The simulation platform is built and the experiment is carried out.The analysis of data results shows that the new features found in this paper can effectively distinguish the attack types of IFA and CIFA.The proposed two detection methods can accurately distinguish and detect IFA and CIFA,and have high detection rate. |
PDF Full Text Request