Mitigating DDoS attack in named data network

Abstract

Named Data Networking is a new concept in modern internet technology instead of conventional TCP/IP architecture where nodes are addressed based on the interest of the the consumers. Internet security is a very challenging research area due to the huge amount of traffic generation. NDN’s built-in structure emphasizes better privacy and security protection which enables more scalable networking but it is also vulnerable to many security threats including denial-of-service (DoS) or distributed DoS (DDoS). DDoS attack can be initiated by various methods, this thesis focuses on mitigation of one special type of DDoS attack, the interest flooding attack with respect to NDN architecture.

Distributed Denial of Service (DDoS) attacks are very prevalent now a days. Our proposed procedure represents the first step towards learning and possible mitigation of DDoS in NDN. We capture the network traffic to classify and learn about legitimate and malicious interests. Moreover, we propose attack detection based on selected features computed by SVM machine learning-based approach. We have simulated our method extensively with ns3-NDN simulator and we have provided experimental results to support the performance of our method