<p>The transition from a host-centric to a content-centric Internet has uncovered inherent challenges in the current TCP/IP architecture and prompted the evolution of a new paradigm for the Internet, called Information-Centric Networking (ICN). Named Data Networking (NDN), one of the most mature and widely studied ICN architectures, employs name-based routing, in-network caching, and native multicast support to improve mobility, scalability, and network efficiency. Due to its stateful forwarding, however, NDN is susceptible to Interest Flooding Attacks (IFAs) where the attacker can generate a large number of unsatisfiable interests, consuming all the space in the Pending Interest Table (PIT), which impacts the performance of the entire networks. Existing defense strategies, such as rate limiting, PIT management, and machine-learning-based approaches, face challenges in achieving accuracy, scalability, and deployability, particularly in IoT and edge environments. This paper proposes a multi-stage, complexity-aware evaluation framework for IFA detection in NDN. First, classifiers are used to separate the malicious and benign Interest traffic using Interest traffic patterns and attack-specific signatures. Second, dataset hardness is evaluated using matrix-based data complexity metrics, enabling a structured assessment of scalability and feasibility under varying NDN workloads. Finally, the Evaluation Based on Distance from Average Solution (EDAS) method is applied as a Multi-Criteria Decision-Making (MCDM) method to rank the datasets based on their complexity, to gain insights into the structural and empirical difficulties of IFA detection. The proposed framework is able to merge the classification performance and the complexity-driven analysis, which can help to give practical guidance for designing efficient and robust NDN security mechanisms.</p>

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

A ranking-based multi-criteria complexity evaluation of interest flooding attack in named data networking

  • Saddam Hussain,
  • Ali Tufail,
  • Haji Awg Abdul Ghani Naim,
  • Nidal Nasser,
  • Mohsin Iftikhar,
  • Meshari Huwaytim Alanazi

摘要

The transition from a host-centric to a content-centric Internet has uncovered inherent challenges in the current TCP/IP architecture and prompted the evolution of a new paradigm for the Internet, called Information-Centric Networking (ICN). Named Data Networking (NDN), one of the most mature and widely studied ICN architectures, employs name-based routing, in-network caching, and native multicast support to improve mobility, scalability, and network efficiency. Due to its stateful forwarding, however, NDN is susceptible to Interest Flooding Attacks (IFAs) where the attacker can generate a large number of unsatisfiable interests, consuming all the space in the Pending Interest Table (PIT), which impacts the performance of the entire networks. Existing defense strategies, such as rate limiting, PIT management, and machine-learning-based approaches, face challenges in achieving accuracy, scalability, and deployability, particularly in IoT and edge environments. This paper proposes a multi-stage, complexity-aware evaluation framework for IFA detection in NDN. First, classifiers are used to separate the malicious and benign Interest traffic using Interest traffic patterns and attack-specific signatures. Second, dataset hardness is evaluated using matrix-based data complexity metrics, enabling a structured assessment of scalability and feasibility under varying NDN workloads. Finally, the Evaluation Based on Distance from Average Solution (EDAS) method is applied as a Multi-Criteria Decision-Making (MCDM) method to rank the datasets based on their complexity, to gain insights into the structural and empirical difficulties of IFA detection. The proposed framework is able to merge the classification performance and the complexity-driven analysis, which can help to give practical guidance for designing efficient and robust NDN security mechanisms.