The invention provides a method and device for defending interest flooding attacks in an information centric network and relates to the field of
network security. The method includes: statistically counting the entropy of the names of interest packets received by a
router in the information centric network after different moments according to a preset window; using a cumulative sum
algorithm to process the obtained entropy to obtain the accumulative values of the entropy at different moments; judging whether the accumulative values are smaller than a preset
attack detecting threshold or not, if not, judging that interest flooding attacks are detected, and using a prefix determining
algorithm based on relative entropy to search the prefix set of the names of the interest packets so as to obtain
attack prefixes; generating data packets containing the
attack prefixes according to the attack prefixes, and transmitting the data packets to the access
router where an attacker is located according to the
router information of the interest packets, containing the attack prefixes, recorded in the pending interest table of the router so as to allow the access router to perform corresponding access limitation on the received interest packets according to the attack prefixes in the data packets.