Mitigation measures of collusive interest flooding attacks in named data networking

Collusive interest flooding attack (CIFA) is a new type of denial of service (DoS) attack against named data networking (NDN). It evolved on the basis of interest flooding attack (IFA), which has a great adverse effect on network traffic. With the help of the collusive producer, CIFA attack can evade existing detection and defense mechanisms through low-rate attack mode. By analyzing the impact of CIFA attacks on network traffic and related attributes of PIT entries, the detection scheme based on combination of rolling time window algorithm and confidence interval is proposed. The scheme detects the network status in real time by dynamically adjusting the normal network baseline. It can solve the problems of low detection rate and high false alarm rate of the existing detection algorithms for CIFA attacks. Finally, the malicious impact of the CIFA attack on the network is reduced through the management of the PIT space. Experimental results show that this approach can effectively improve the number of data packets received by legitimate users and the overall service quality of the network in a short time. (c) 2020 Elsevier Ltd. All rights reserved.