Premium
Accuracy or delay? A game in detecting interest flooding attacks
Author(s) -
Liu Gang,
Quan Wei,
Cheng Nan,
Wang Kai,
Zhang Hongke
Publication year - 2018
Publication title -
internet technology letters
Language(s) - English
Resource type - Journals
ISSN - 2476-1508
DOI - 10.1002/itl2.31
Subject(s) - computer science , flooding (psychology) , network packet , computer network , router , computer security , real time computing , psychology , psychotherapist
Due to the continuous recording of forwarding states, Information‐centric networking (ICN) introduces a new security threat named interest flooding attack. To mitigate this attack, most of the existing works focus on the detecting accuracy. However, we find another important factor that the detecting delay may result in long‐term memory occupation. In this letter, aiming to balance the detecting accuracy and delay, we propose an m‐list table‐based attack detecting (mTBAD) solution to minimize the detecting delay while guaranteeing the accuracy. Particularly, mTBAD maintains an m‐list table for malicious Interests entries by combining the disabling PIT exhaustion (DPE) and the negative acknowledgments (NACK). A lightweight monitor is equipped to issue m‐NACK packets to inform the attacked router and update its m‐list. Extensive simulations based on the GÉANT topology demonstrate that mTBAD reduces the detecting delay by 99.5% (from 280 to 1.2 milliseconds) compared with a state‐of‐the‐art mechanism, at the expense of a very slight loss regarding the false negative rate and the false positive rate. It proves that mTBAD can guarantee the detecting accuracy as well as to prevent long‐term memory occupation.