Advanced interest flooding attacks in named-data networking

S. Signorello; S. Marchal; J. François; O. Festor; R. State

doi:10.1109/NCA.2017.8171325

Advanced interest flooding attacks in named-data networking

S. Signorello, S. Marchal, J. François, O. Festor, R. State

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Scientific › peer-review

13 Citations (Scopus)

Abstract

The Named-Data Networking (NDN) has emerged as a clean-slate Internet proposal on the wave of Information-Centric Networking. Although the NDN's data-plane seems to offer many advantages, e.g., native support for multicast communications and flow balance, it also makes the network infrastructure vulnerable to a specific DDoS attack, the Interest Flooding Attack (IFA). In IFAs, a botnet issuing unsatisfiable content requests can be set up effortlessly to exhaust routers' resources and cause a severe performance drop to legitimate users. So far several countermeasures have addressed this security threat, however, their efficacy was proved by means of simplistic assumptions on the attack model. Therefore, we propose a more complete attack model and design an advanced IFA. We show the efficiency of our novel attack scheme by extensively assessing some of the state-of-the-art countermeasures. Further, we release the software to perform this attack as open source tool to help design future more robust defense mechanisms.

Original language	English
Title of host publication	2017 IEEE 16th International Symposium on Network Computing and Applications (NCA)
Publisher	IEEE
Number of pages	10
ISBN (Electronic)	978-1-5386-1465-5
ISBN (Print)	978-1-5386-1466-2
DOIs	https://doi.org/10.1109/NCA.2017.8171325
Publication status	Published - 1 Nov 2017
MoE publication type	A4 Article in a conference publication
Event	International Symposium on Network Computing and Applications - Cambridge, United States Duration: 30 Oct 2017 → 1 Nov 2017 Conference number: 16

Conference

Conference	International Symposium on Network Computing and Applications
Abbreviated title	NCA
Country	United States
City	Cambridge
Period	30/10/2017 → 01/11/2017

Keywords

Internet
computer crime
computer network security
multicast communication
security of data
telecommunication security
Information-Centric Networking
Interest Flooding Attack
advanced IFA
advanced interest flooding attacks
clean-slate Internet proposal
complete attack model
data-plane
multicast communications
named-data networking
network infrastructure
specific DDoS attack
unsatisfiable content requests
Computer architecture
Electronic mail
Monitoring
Robustness
Routing protocols

Access to Document

10.1109/NCA.2017.8171325

Fingerprint Dive into the research topics of 'Advanced interest flooding attacks in named-data networking'. Together they form a unique fingerprint.

Cite this

@inproceedings{934c2ce3524146e185cc73affb65e2e3,

title = "Advanced interest flooding attacks in named-data networking",

abstract = "The Named-Data Networking (NDN) has emerged as a clean-slate Internet proposal on the wave of Information-Centric Networking. Although the NDN's data-plane seems to offer many advantages, e.g., native support for multicast communications and flow balance, it also makes the network infrastructure vulnerable to a specific DDoS attack, the Interest Flooding Attack (IFA). In IFAs, a botnet issuing unsatisfiable content requests can be set up effortlessly to exhaust routers' resources and cause a severe performance drop to legitimate users. So far several countermeasures have addressed this security threat, however, their efficacy was proved by means of simplistic assumptions on the attack model. Therefore, we propose a more complete attack model and design an advanced IFA. We show the efficiency of our novel attack scheme by extensively assessing some of the state-of-the-art countermeasures. Further, we release the software to perform this attack as open source tool to help design future more robust defense mechanisms.",

keywords = "Internet, computer crime, computer network security, multicast communication, security of data, telecommunication security, Information-Centric Networking, Interest Flooding Attack, advanced IFA, advanced interest flooding attacks, clean-slate Internet proposal, complete attack model, data-plane, multicast communications, named-data networking, network infrastructure, specific DDoS attack, unsatisfiable content requests, Computer architecture, Electronic mail, Monitoring, Robustness, Routing protocols",

author = "S. Signorello and S. Marchal and J. Fran{\c c}ois and O. Festor and R. State",

year = "2017",

month = nov,

day = "1",

doi = "10.1109/NCA.2017.8171325",

language = "English",

isbn = "978-1-5386-1466-2",

booktitle = "2017 IEEE 16th International Symposium on Network Computing and Applications (NCA)",

publisher = "IEEE",

address = "United States",

note = "International Symposium on Network Computing and Applications, NCA ; Conference date: 30-10-2017 Through 01-11-2017",

}

TY - GEN

T1 - Advanced interest flooding attacks in named-data networking

AU - Signorello, S.

AU - Marchal, S.

AU - François, J.

AU - Festor, O.

AU - State, R.

N1 - Conference code: 16

PY - 2017/11/1

Y1 - 2017/11/1

N2 - The Named-Data Networking (NDN) has emerged as a clean-slate Internet proposal on the wave of Information-Centric Networking. Although the NDN's data-plane seems to offer many advantages, e.g., native support for multicast communications and flow balance, it also makes the network infrastructure vulnerable to a specific DDoS attack, the Interest Flooding Attack (IFA). In IFAs, a botnet issuing unsatisfiable content requests can be set up effortlessly to exhaust routers' resources and cause a severe performance drop to legitimate users. So far several countermeasures have addressed this security threat, however, their efficacy was proved by means of simplistic assumptions on the attack model. Therefore, we propose a more complete attack model and design an advanced IFA. We show the efficiency of our novel attack scheme by extensively assessing some of the state-of-the-art countermeasures. Further, we release the software to perform this attack as open source tool to help design future more robust defense mechanisms.

AB - The Named-Data Networking (NDN) has emerged as a clean-slate Internet proposal on the wave of Information-Centric Networking. Although the NDN's data-plane seems to offer many advantages, e.g., native support for multicast communications and flow balance, it also makes the network infrastructure vulnerable to a specific DDoS attack, the Interest Flooding Attack (IFA). In IFAs, a botnet issuing unsatisfiable content requests can be set up effortlessly to exhaust routers' resources and cause a severe performance drop to legitimate users. So far several countermeasures have addressed this security threat, however, their efficacy was proved by means of simplistic assumptions on the attack model. Therefore, we propose a more complete attack model and design an advanced IFA. We show the efficiency of our novel attack scheme by extensively assessing some of the state-of-the-art countermeasures. Further, we release the software to perform this attack as open source tool to help design future more robust defense mechanisms.

KW - Internet

KW - computer crime

KW - computer network security

KW - multicast communication

KW - security of data

KW - telecommunication security

KW - Information-Centric Networking

KW - Interest Flooding Attack

KW - advanced IFA

KW - advanced interest flooding attacks

KW - clean-slate Internet proposal

KW - complete attack model

KW - data-plane

KW - multicast communications

KW - named-data networking

KW - network infrastructure

KW - specific DDoS attack

KW - unsatisfiable content requests

KW - Computer architecture

KW - Electronic mail

KW - Monitoring

KW - Robustness

KW - Routing protocols

U2 - 10.1109/NCA.2017.8171325

DO - 10.1109/NCA.2017.8171325

M3 - Conference contribution

SN - 978-1-5386-1466-2

BT - 2017 IEEE 16th International Symposium on Network Computing and Applications (NCA)

PB - IEEE

T2 - International Symposium on Network Computing and Applications

Y2 - 30 October 2017 through 1 November 2017

ER -