Abstract
Named Data Networking (NDN) is a prominent realization of the vision of Information-Centric Networking. The NDN architecture adopts name-based routing and location-independent data retrieval. Among other important features, NDN integrates security mechanisms and focuses on protecting the content rather than the communication channels. A new architecture brings new threats, and NDN is no exception: it is a potential target for new network attacks such as Interest Flooding Attacks (IFAs). Attackers take advantage of IFAs to launch (D)DoS attacks in NDN. Many IFA detection and mitigation solutions have been proposed in the literature. However, no comprehensive review of these solutions has been proposed so far. Therefore, in this article, we present a survey of the various IFAs with a detailed comparative study of all the relevant solutions proposed as countermeasures against IFAs. We also review the requirements for a complete and efficient IFA solution and pinpoint the various issues encountered by IFA detection and mitigation mechanisms through a series of attack scenarios. Finally, we offer an analysis of the open issues and future research directions regarding IFAs.