Research on Interest flooding attack mitigation based on packet marking in NDN
Submitted: 2020-10-31  Revised: 2020-10-31
Keywords: Named Data Networking  Interest Flooding Attack  packet marking  attack traceability
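Author  Affiliation  E-mail
邢光林  South-Central University for Nationalities (中南民族大学)  glxing@scuec.edu.cn
陈璟  South-Central University for Nationalities (中南民族大学)  chenijng_stu@163.com
余俊乐  South-Central University for Nationalities (中南民族大学)
侯睿  South-Central University for Nationalities (中南民族大学)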
Abstract:
      Named Data Networking (NDN) has been recognized and widely studied by the academic community because it focuses on the requested object itself rather than on addresses and supports in-network caching. However, in an Interest Flooding Attack (IFA), the attacker maliciously occupies resources such as the Pending Interest Table (PIT) and denies service to legitimate users, causing serious harm to the network. To address the shortcomings of entropy-based IFA defense schemes in locating the attack source and in network overhead, a mitigation method based on packet marking is proposed. In this method, each Interest packet carries information about its edge router. After an attack is detected and the malicious prefix is identified, the attack source is located, and traceback packets are then sent to the downstream routers so that restrictive measures are taken against the attacker. Simulation results show that this method locates the attack source more accurately and effectively reduces overhead in the network.