Reliable Detection of Interest Flooding Attack in Real Deployment of Named Data Networking
IEEE Transactions on Information Forensics and Security
Named Data Networking (NDN) is a disruptive yet promising architecture for the future Internet, in which content diffusion shifts from the conventional host-centric model to a content-centric one so that data delivery can be significantly improved. After a decade of research and development, NDN and the related NDN Forwarding Daemon (NFD) implementations are now mature enough for stakeholders, such as telcos, to consider them for a real deployment. Consequently, NDN and IP will likely cohabit, and the Future Internet may be formed of isolated administrative domains, each deploying one of these two network paradigms. The security question of the resulting architecture naturally arises. In this paper, we consider the case of Denial of Service. Even though the Interest Flooding Attack (IFA) has been largely studied and mitigated through NACK packets in pure NDN networks, we demonstrate in this paper through experimental assessments that there are still ways to mount such an attack, especially in the context of coupling NDN with IP, that can hardly be addressed by current solutions. Subsequently, we leverage hypothesis testing theory to develop a Generalized Likelihood Ratio Test (GLRT) adapted to evolved IFA attacks. Simulations show the relevance of the proposed model for guaranteeing the prescribed Probability of False Alarm (PFA) and highlight the trade-off between detection power and delay. Finally, we consider a real deployment scenario where NDN is coupled with IP to carry HTTP traffic. We show that the model of IFA attacks is not very accurate in practice and further develop a sequential detector to keep a high detection accuracy. By considering data from the testbed, we show the efficiency of the overall detection method.
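The abstract describes a GLRT with a prescribed PFA, applied sequentially, and a trade-off between detection power and delay. The paper's own traffic model and test statistic are not reproduced on this page; the example below is an added illustration written for this edit, not the authors' code, and it assumes a simplified model: per-interval Interest counts on a router face are Poisson with an unknown nominal rate estimated from a baseline period, and an IFA raises that rate. The GLRT plugs the maximum-likelihood rate estimates into the likelihood ratio, the threshold is derived from the PFA via the asymptotic null distribution of the statistic, and the test is run on a sliding window so that the window length directly exposes the power/delay trade-off.

```python
"""Sliding-window GLRT for Interest Flooding Attack detection (illustrative).

Model assumed here (not the paper's): Interest counts per interval are
Poisson(lambda0) under H0 and Poisson(lambda1 > lambda0) under H1, with both
rates unknown and replaced by their maximum-likelihood estimates (the
"generalized" part of the GLRT).
"""
import math
from statistics import NormalDist, mean


def glrt_statistic(baseline, window):
    """Signed-root GLRT statistic comparing a recent window against the baseline.

    For Poisson data the log-likelihood ratio with MLE rates is
        LLR = W * (lam1 * ln(lam1 / lam0) - (lam1 - lam0)),
    where W is the window length and lam0, lam1 are the baseline and window
    means. Under H0, 2 * LLR is asymptotically chi-square(1), so
    sqrt(2 * LLR) with the sign of (lam1 - lam0) is asymptotically N(0, 1).
    The test is one-sided: only an increase in Interest rate is an attack.
    """
    lam0 = mean(baseline)
    lam1 = mean(window)
    if lam1 <= lam0:
        return 0.0
    llr = len(window) * (lam1 * math.log(lam1 / lam0) - (lam1 - lam0))
    return math.sqrt(2.0 * llr)


def threshold(pfa):
    """Decision threshold for a one-sided N(0, 1) statistic at the prescribed PFA."""
    return NormalDist().inv_cdf(1.0 - pfa)


def sequential_detect(counts, baseline_len, window_len, pfa):
    """Slide a window over the counts after the baseline; return the index of the
    interval at which the first alarm is raised, or None if no alarm is raised.

    A longer window gives more power against a modest flood but delays the alarm
    by up to window_len - 1 intervals; a shorter window alarms sooner but only
    against a stronger flood.
    """
    tau = threshold(pfa)
    baseline = counts[:baseline_len]
    for end in range(baseline_len + window_len, len(counts) + 1):
        window = counts[end - window_len:end]
        if glrt_statistic(baseline, window) > tau:
            return end - 1
    return None


# Constructed sample data (not testbed measurements): ten nominal intervals
# averaging 20 Interests, followed by a modest flood averaging 30.
BASELINE = [18, 21, 20, 19, 22, 20, 21, 19, 20, 20]
MILD_FLOOD = [29, 31, 30, 32, 28, 30]
NORMAL_TAIL = [21, 20, 22]

if __name__ == "__main__":
    stream = BASELINE + MILD_FLOOD
    print("window=3:", sequential_detect(stream, len(BASELINE), 3, 1e-3))  # alarm at 12
    print("window=1:", sequential_detect(stream, len(BASELINE), 1, 1e-3))  # None: too weak
    print("no attack:", sequential_detect(BASELINE + NORMAL_TAIL, len(BASELINE), 3, 1e-3))
```

Two caveats a practitioner should keep in mind when reusing this shape. The PFA is prescribed per window; running the test sequentially over many windows multiplies the chance of at least one false alarm, which is one reason the abstract treats the sequential detector separately. And the Poisson assumption is exactly the kind of model the abstract reports as "not very accurate in practice", so the baseline statistic and the null distribution should be validated against real traffic before a threshold is trusted.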