A method for relieving flooding attacks of hidden interest packets in a named data network

Abstract

The invention discloses a method for alleviating a hidden interest packet flooding attack in a named data network, which comprises the following steps: detecting the state of each interface based on an access router, and limiting the interest packet receiving speed of an attacked interface for determining the interface subjected to the interest packet flooding attack; for an interface which cannotdetermine whether the attack is an interest packet flooding attack, reporting abnormal information to the controller; the controller judges whether an interest packet flooding attack exists in the network or not according to the received abnormal information, and informs an access router of a judgment result; if the controller notifies the access router that the access router is not attacked, regarding all interfaces of the access router as normal interfaces by the access router, and ending attack defense; otherwise, the access router reads the attacked interface list from the notification message and limits the interest packet receiving speed of the malicious interface. According to the method, the existence of the hidden interest packet flooding attack can be detected in time, the attacker can be accurately and effectively positioned, then targeted defense measures are taken, and the data access request of a legal user is prevented from being damaged.

Description

technical field [0001] The invention belongs to the technical field of future network architecture, and in particular relates to a method for alleviating the flooding attack of concealed interest packets in a named data network. Background technique [0002] Named Data Networking (NDN) is one of the most promising next-generation network architectures. NDN names the content in the network, making data the core of the entire network. Network communication in NDN is driven by the receiver of the data, and the user sends an Interest packet with the name of the desired content to request the content. The intermediate router forwards the Interest packet according to the name, and the matching data packet carries the content requested by the user and returns to the requester of the content in the opposite direction of the corresponding Interest packet path. NDN supports stateful forwarding. Each NDN router needs to maintain in its PIT the state (i.e., a PIT entry) for each Inte...

AI Technical Summary

Problems solved by technology

First, the existing mechanism enables the intermediate routers close to the attacker to independently detect and defend against attacks, and focuses on the typical Interest packet flooding attack scenario, that is, the attacker directly sends unsatisfied malicious Interest packets at a fixed and high speed To carry out the attack, when a relatively hidden interest packet flood attack occurs, the performance of the existing mechanism may decrease to a certain extent, because each intermediate router makes an independent decision when attack detection and defense, which may make the attack detection time Second, because the existing mechanism cannot accurately distinguish between the Interest packets sent by attackers and the Interest packets sent by legitimate users, requests from legitimate users may be Third, since the Interest packet does not carry any information related to its sender, it is difficult for the existing mechanism to locate the attacker after the attack is detected

Images