Abstract
The Named-Data Networking (NDN) has emerged as a clean-slate Internet proposal on the wave of Information-Centric Networking. Although the NDN's data-plane seems to offer many advantages, e.g., native support for multicast communications and flow balance, it also makes the network infrastructure vulnerable to a specific DDoS attack, the Interest Flooding Attack (IFA). In IFAs, a botnet issuing unsatisfiable content requests can be set up effortlessly to exhaust routers' resources and cause a severe performance drop to legitimate users. So far several countermeasures have addressed this security threat, however, their efficacy was proved by means of simplistic assumptions on the attack model. Therefore, we propose a more complete attack model and design an advanced IFA. We show the efficiency of our novel attack scheme by extensively assessing some of the state-of-the-art countermeasures. Further, we release the software to perform this attack as open source tool to help design future more robust defense mechanisms.
Original language | English |
---|---|
Title of host publication | 2017 IEEE 16th International Symposium on Network Computing and Applications (NCA) |
Publisher | IEEE |
Number of pages | 10 |
ISBN (Electronic) | 978-1-5386-1465-5 |
ISBN (Print) | 978-1-5386-1466-2 |
DOIs | |
Publication status | Published - 1 Nov 2017 |
MoE publication type | A4 Article in a conference publication |
Event | International Symposium on Network Computing and Applications - Cambridge, United States Duration: 30 Oct 2017 → 1 Nov 2017 Conference number: 16 |
Conference
Conference | International Symposium on Network Computing and Applications |
---|---|
Abbreviated title | NCA |
Country | United States |
City | Cambridge |
Period | 30/10/2017 → 01/11/2017 |
Keywords
- Internet
- computer crime
- computer network security
- multicast communication
- security of data
- telecommunication security
- Information-Centric Networking
- Interest Flooding Attack
- advanced IFA
- advanced interest flooding attacks
- clean-slate Internet proposal
- complete attack model
- data-plane
- multicast communications
- named-data networking
- network infrastructure
- specific DDoS attack
- unsatisfiable content requests
- Computer architecture
- Electronic mail
- Monitoring
- Robustness
- Routing protocols