Defense method and device for interest packet flooding attack in content-centric network

Abstract

The invention provides a method and device for defending interest flooding attacks in an information centric network and relates to the field of network security. The method includes: statistically counting the entropy of the names of interest packets received by a router in the information centric network after different moments according to a preset window; using a cumulative sum algorithm to process the obtained entropy to obtain the accumulative values of the entropy at different moments; judging whether the accumulative values are smaller than a preset attack detecting threshold or not, if not, judging that interest flooding attacks are detected, and using a prefix determining algorithm based on relative entropy to search the prefix set of the names of the interest packets so as to obtain attack prefixes; generating data packets containing the attack prefixes according to the attack prefixes, and transmitting the data packets to the access router where an attacker is located according to the router information of the interest packets, containing the attack prefixes, recorded in the pending interest table of the router so as to allow the access router to perform corresponding access limitation on the received interest packets according to the attack prefixes in the data packets.

Description

technical field [0001] The present invention relates to the field of network security, in particular to a defense method and device for interest packet flooding attacks in a content-centric network. Background technique [0002] The TCP / IP network architecture has demonstrated its practicability in the decades of development of the Internet, especially in the face of many upper and lower layers of new technologies and applications. However, with the development of the Internet, users' demand for services such as network mobility, content distribution, and security continues to increase, and problems in existing networks' support for mobility, content distribution, and security are gradually exposed. In order to cope with these new types of services, the academic community has proposed a new type of network architecture——Information Centric Network (ICN). As an instantiated model of ICN, Named Data Networking (NDN) is suitable for content distribution and is extremely compet...

AI Technical Summary

Problems solved by technology

[0004] The PIT-based method mainly relies on the statistics of PIT abnormal states, and there are many factors that lead to PIT abnormalities, such as normal network fluctuations, network congestion, link failures, and attacks, etc. It is difficult to judge only from the abnormal statistics of PIT Whether the network is under attack, let alone how to defend against it

If there is a false positive for the attack, it will cause immeasurable losses to the user if the normal user's request is also regarded as an attack request and restrictive measures are taken.

In addition, if the malicious interest packet is restricted only at the node where the attack is detected, it will also have a great impact on the entire downstream network

Images