A Survey on Security Attacks and Intrusion Detection Mechanisms in Named Data Networking
Abstract
1. Introduction
1.1. Related Surveys
Survey Reference | Topic | Drawbacks | Year of Release |
---|---|---|---|
[9] | Security, privacy, and access control in NDN | | 2017 |
[18] | Leveraging NDN for Fragmented Networks in Smart Metropolitan Cities | | 2018 |
[10] | Security attacks in Named data networking | | 2019 |
[12] | NDN design and security attacks | | 2019 |
[11] | An Overview of content poisoning in NDN | | 2020 |
[17] | NDN for Efficient IoT-based disaster management in a Smart Campus | | 2020 |
[14] | IFA in NDN and security challenges | | 2021 |
[15] | NDN Future Security Challenges | | 2021 |
[13] | IFA in NDN | | 2022 |
[16] | IFA and its countermeasures in NDN | | 2022 |
[19] | Selective content retrieval in ICN | | 2022 |
Our Survey | Security attacks and intrusion detection mechanisms in NDN | - | 2022 |
1.2. Motivation and Goal of the Paper
1.3. Our Contributions
- A structured and comprehensive up-to-date review of the attacks that can target the NDN architecture with an analysis of the sub-categories of each attack and their impacts on the NDN structures.
- A detailed survey of the detection and mitigation techniques recently proposed in the literature for the four classes of attacks with a new classification of the presented NDN IDS based on their attack detection algorithm.
- An in-depth analysis of the limits of the presented NDN IDS and their comparison based on complexity, used topology, exposure to malicious nodes, etc.
- Finally, we identify the open research issues related to each attack to assist future NDN security research directions.
1.4. Organization of the Survey
2. Overview of the NDN Architecture
- Pending Interest Table (PIT): It contains the interest packet entries and the corresponding list of incoming interfaces and “on hold” interests that have not yet been satisfied. Multiple incoming interfaces indicate that the same data are requested from multiple downstream users.
- Content Store (CS): The CS holds a copy of the Data packets that have been passed by the NDN router, and this copy will be used to satisfy subsequent interests that request the same content. This caching mechanism speeds up data delivery and decreases the network load.
- Forwarding Information Base (FIB): FIB entries associate prefix names to one or many output interfaces to which the interest packets should be forwarded.
- Least Recently Used (LRU): the content that was least recently requested is discarded. This cache policy is popular due to its good performance: it increases the chance of cache hits, since it keeps the most recently requested data for a longer period of time.
- Least Frequently Used (LFU): the second most used cache policy in the NDN architecture, in which the eviction decision is based on content popularity. LFU evicts the item with the fewest requests during the previous time window, so only the most frequently requested objects from that period remain in the cache.
- Other caching policies are also used, such as FIFO (First In, First Out) and Random (the decision whether to cache a content item is made at random).
- SHA-256;
- RSA signature over SHA-256;
- ECDSA signature over SHA-256;
- HMAC over SHA-256.
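The following Python example is added here and is not code from the survey or from the NDN project: it builds a minimal NDN Data packet in TLV form, signs it with the DigestSha256 and HMAC-over-SHA-256 signature types listed above, and verifies it, rejecting a constructed copy whose Content was swapped, which is the per-packet check a router or consumer relies on against cache poisoning (Section 3.3). The TLV type numbers and SignatureType codes are taken from the NDN Packet Format Specification 0.3 cited in the references; the RSA and ECDSA types are declared but left unimplemented because they need a third-party library.

```python
"""Minimal NDN Data packet builder and signature verifier (added example).

TLV type numbers and SignatureType codes follow the NDN Packet Format
Specification 0.3. Only DigestSha256 (0) and SignatureHmacWithSha256 (4)
are implemented; RSA (1) and ECDSA (3) would need a third-party library.
"""
import hashlib
import hmac

TLV_DATA, TLV_NAME, TLV_NAME_COMPONENT = 6, 7, 8
TLV_METAINFO, TLV_CONTENT = 20, 21
TLV_SIGNATURE_INFO, TLV_SIGNATURE_VALUE, TLV_SIGNATURE_TYPE = 22, 23, 27
SIG_DIGEST_SHA256, SIG_RSA_SHA256, SIG_ECDSA_SHA256, SIG_HMAC_SHA256 = 0, 1, 3, 4


def encode_varnum(n: int) -> bytes:
    """NDN variable-length number used for TLV-TYPE and TLV-LENGTH."""
    if n < 253:
        return bytes([n])
    if n <= 0xFFFF:
        return b"\xfd" + n.to_bytes(2, "big")
    if n <= 0xFFFFFFFF:
        return b"\xfe" + n.to_bytes(4, "big")
    return b"\xff" + n.to_bytes(8, "big")


def decode_varnum(buf: bytes, pos: int):
    """Return (value, next_pos) for the varnum starting at buf[pos]."""
    first = buf[pos]
    if first < 253:
        return first, pos + 1
    size = {0xFD: 2, 0xFE: 4, 0xFF: 8}[first]
    return int.from_bytes(buf[pos + 1:pos + 1 + size], "big"), pos + 1 + size


def tlv(t: int, value: bytes) -> bytes:
    return encode_varnum(t) + encode_varnum(len(value)) + value


def parse_tlvs(buf: bytes):
    """Parse a sequence of TLV elements into a list of (type, value) pairs."""
    out, pos = [], 0
    while pos < len(buf):
        t, pos = decode_varnum(buf, pos)
        length, pos = decode_varnum(buf, pos)
        if pos + length > len(buf):
            raise ValueError("truncated TLV")
        out.append((t, buf[pos:pos + length]))
        pos += length
    return out


def encode_name(name: str) -> bytes:
    comps = [c.encode() for c in name.split("/") if c]
    return tlv(TLV_NAME, b"".join(tlv(TLV_NAME_COMPONENT, c) for c in comps))


def compute_signature(sig_type: int, signed: bytes, key: bytes) -> bytes:
    if sig_type == SIG_DIGEST_SHA256:      # integrity only, no authentication
        return hashlib.sha256(signed).digest()
    if sig_type == SIG_HMAC_SHA256:        # shared-key authentication
        return hmac.new(key, signed, hashlib.sha256).digest()
    raise ValueError(f"signature type {sig_type} not supported in this example")


def build_data(name: str, content: bytes, sig_type: int, key: bytes = b"") -> bytes:
    """Signed portion = Name + MetaInfo + Content + SignatureInfo (spec 0.3)."""
    sig_info = tlv(TLV_SIGNATURE_INFO, tlv(TLV_SIGNATURE_TYPE, bytes([sig_type])))
    signed = encode_name(name) + tlv(TLV_METAINFO, b"") + tlv(TLV_CONTENT, content) + sig_info
    sig_value = tlv(TLV_SIGNATURE_VALUE, compute_signature(sig_type, signed, key))
    return tlv(TLV_DATA, signed + sig_value)


def verify_data(packet: bytes, key: bytes = b"") -> bool:
    """Recompute the signature over the signed portion; constant-time compare."""
    try:
        elems = parse_tlvs(packet)
        if len(elems) != 1 or elems[0][0] != TLV_DATA:
            return False
        body = elems[0][1]
        fields = parse_tlvs(body)
        if not fields or fields[-1][0] != TLV_SIGNATURE_VALUE:
            return False
        sig_value = fields[-1][1]
        # everything inside Data that precedes SignatureValue is the signed portion
        signed = body[:len(body) - len(tlv(TLV_SIGNATURE_VALUE, sig_value))]
        sig_info = dict(parse_tlvs(dict(fields)[TLV_SIGNATURE_INFO]))
        sig_type = sig_info[TLV_SIGNATURE_TYPE][0]
        expected = compute_signature(sig_type, signed, key)
    except (ValueError, KeyError, IndexError):
        return False
    return hmac.compare_digest(expected, sig_value)


def replace_content(packet: bytes, new_content: bytes) -> bytes:
    """Constructed poisoned copy: Content swapped, original SignatureValue kept."""
    body = parse_tlvs(packet)[0][1]
    rebuilt = b"".join(tlv(t, new_content if t == TLV_CONTENT else v)
                       for t, v in parse_tlvs(body))
    return tlv(TLV_DATA, rebuilt)
```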
3. Security Threats in the NDN Architecture
3.1. Cache Pollution Attack
3.2. Interest Flooding Attack
- Pre-attack phase: consists of four essential parameters: the Minimum Retransmission Wait Time (MRWT), the Minimum Interest Frequency (MIF), the minimum number of content pieces stored in the malicious producers, and the topology characteristics.
- Main attack phase: consists of two steps: first, collecting the set of prefixes stored in the malicious producers; then the malicious consumers dynamically set the interest frequency, controlled by a pre-defined threshold, so that the attack is not obviously detectable.
3.3. Cache Poisoning Attack
3.4. Cache Privacy Attack
3.4.1. Timing-Based Attack (TBA)
3.4.2. Object Discovery Attack (ODA)
3.4.3. Data Flow Cloning Attack (DFCA)
3.4.4. Cache Side Channel Attack (CSCA)
3.4.5. NDN Traffic Analysis Attack (NTA)
- Preparation: consists of the parameters necessary to push the malicious content into the 1-hop router.
- Content loading: forces the 1-hop NDN router to cache the malicious content.
- Traffic analysis: monitors which content has been requested from the CS cache.
4. Attacks’ Detection and Mitigation Techniques
4.1. Detection and Mitigation of Cache Pollution Attacks
- Data validator;
- Provider CS;
- Content name;
- Task prefix;
- Digest prefix.
Paper Reference | Year of Release | Method |
---|---|---|
Mengjun Xie et al. [40] | 2012 | CacheShield-Based |
Park et al. [46] | 2012 | Randomness Check-Based |
Karami et al. [47] | 2015 | Adaptive Neuro-Fuzzy Inference System (ANFIS)-Based |
Guo et al. [41] | 2016 | Path diversity-Based |
Kamimoto et al. [42] | 2016 | Prefix hierarchy-Based |
Zhang et al. [43] | 2017 | Coefficient of Variation-Based |
Andre Nasserala et al. [51] | 2019 | Cache nFace-Based |
Yao et al. [44] | 2020 | Clustering-Based |
Lei et al. [49] | 2020 | Statistical-Based |
Jie Zhou et al. [52] | 2020 | Cache Partitioning-Based |
Akanksha Gupta et al. [50] | 2021 | K-Means Clustering-Based |
Kumar et al. [48] | 2021 | Interface Popularity Caching (IBPC)-Based |
Hidouri et al. [45] | 2022 | ICAN-Based |
Bing Li et al. [53] | 2022 | Blockchain-Based |
4.2. Detection and Mitigation of Interest Flooding Attacks
- The number of arriving data packets;
- The number of arriving interest packets;
- The number of outgoing data packets;
- The number of outgoing interest packets;
- The number of satisfied interest packets;
- The size of the PIT entries.
- Detection strategy: in an initial stage, the network is run in a normal state in order to record a history of the traffic transmission. The next stage compares this historical traffic with the current traffic using the following metrics: the rolling time window, the throughput, and the lifetime of PIT entries in the current time window.
- Mitigation strategy: when an anomaly is suspected, the mechanism measures the rate of PIT allocation. If this value exceeds a pre-defined threshold, the PIT entries that have remained the longest are reset.
- Number of sent interest packets.
- Number of received data packets.
- Number of entries recorded in the PIT.
- Number of expired entries in the PIT.
- If the score value of a data prefix is close to 1, the prefix is suspected.
- If the score value is below 0.5, the prefix is valid.
- If all prefixes have a score value equal to 0.5, no attack exists in the network.
4.3. Detection and Mitigation of Cache Poisoning Attacks
- Interest satisfaction ratio.
- Average latency.
- Data receiving ratio.
- CS size capacity.
- External Infection Protocol (EIP): this protocol grants access for the external infection of the network nodes one by one; it defines the trust value of each node in the network.
- Internal Infection Protocol (IIP): this protocol launches the internal infection schema calculation, which is based on a Markovian finite-state model.
- Content hash: computed in order to authenticate the content;
- Producer public key;
- Previous block hash;
- Signature: contains the signature over the content credentials listed above.
- First scenario: if > then the content is safe;
- Second scenario: if < then the content is infected;
- Third scenario: if < < then a fuzzy approach needs to be used;
- VIP consumer: one who demands the content urgently.
- Non-VIP consumer: a normal, basic consumer.
4.4. Detection and Mitigation of Cache Privacy Attacks
Detection and Mitigation of Timing-Based Attack (TBA)
- Current RTT.
- RTT threshold.
- Old RTT threshold.
- Cache hit ratio.
- Cache hit ratio threshold.
- Old cache hit threshold.
- Private: a boolean value that is set to true for an entry if the associated data are private; every transfer under the same namespace is then considered confidential.
- NumPrivate: an integer value giving the number of private components that exist in that namespace.
- Data NameSpace.
- Interest NameSpace.
- Data packet.
- Interest packet.
- Content stored in the cache.
- The attack rate.
- Minor phase: a pre-defined threshold defines the detection window (TIME); if the attack is detected for longer than TIME, the face on which the suspicious interests arrive is recorded.
- Moderate phase: in this phase, the cache changes its caching strategy.
- Severe phase: the top-level alert, in which the router disables caching in order to protect the confidential content.
- If the value of : the Minor phase is enabled for 3 s and the detection is repeated every 0.5 s.
- If the attack state is still true: the Moderate phase is entered for 3 s and the detection process is kept for more than 0.5 s.
- If the attack is still on: the Severe phase is set to true and caching is discarded, with the NoCache strategy set as the default policy of that NDN router.
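The three-phase escalation above as a controller, an added example rather than the scheme's own code: each call to step() is one detection round 0.5 s apart, an attack flag that persists for 3 s moves Minor to Moderate and then Moderate to Severe, the Minor phase records the face, and the Severe phase installs NoCache. The attack flag derived from the RTT and cache-hit-ratio thresholds listed earlier, the probabilistic strategy chosen for the Moderate phase, the LRU default, the return to Normal when the flag clears, and the trace itself are all assumptions constructed for this example.

```python
"""Three-phase cache privacy (TBA) mitigation controller (added example)."""
from dataclasses import dataclass, field

DETECT_INTERVAL = 0.5   # seconds between detection rounds (from the scheme)
PHASE_DURATION = 3.0    # seconds an attack must persist before escalating (from the scheme)
DEFAULT_STRATEGY = "LRU"             # assumed default caching policy
MODERATE_STRATEGY = "Probabilistic"  # assumed alternative policy for the Moderate phase


@dataclass
class Thresholds:
    rtt: float               # RTTs below this look like in-cache answers (assumed semantics)
    cache_hit_ratio: float   # hit ratios above this are abnormal (assumed semantics)


def attack_detected(rtt: float, hit_ratio: float, th: Thresholds) -> bool:
    """Assumed detector: suspiciously low RTT combined with a high cache hit ratio."""
    return rtt < th.rtt and hit_ratio > th.cache_hit_ratio


@dataclass
class CachePrivacyController:
    thresholds: Thresholds
    phase: str = "Normal"                  # Normal -> Minor -> Moderate -> Severe
    caching_strategy: str = DEFAULT_STRATEGY
    elapsed: float = 0.0                   # attack time accumulated in the current phase
    flagged_faces: set = field(default_factory=set)

    def step(self, face: int, rtt: float, hit_ratio: float) -> str:
        """One detection round, run every DETECT_INTERVAL seconds; returns the phase."""
        if not attack_detected(rtt, hit_ratio, self.thresholds):
            # assumption: the router de-escalates as soon as the attack flag clears
            self.phase, self.caching_strategy, self.elapsed = "Normal", DEFAULT_STRATEGY, 0.0
            return self.phase
        if self.phase == "Normal":
            # Minor phase: record the face the suspicious interests arrive on
            self.phase, self.elapsed = "Minor", 0.0
            self.flagged_faces.add(face)
            return self.phase
        self.elapsed += DETECT_INTERVAL
        if self.elapsed < PHASE_DURATION:
            return self.phase
        self.elapsed = 0.0
        if self.phase == "Minor":
            # Moderate phase: the cache changes its caching strategy
            self.phase, self.caching_strategy = "Moderate", MODERATE_STRATEGY
        elif self.phase == "Moderate":
            # Severe phase: caching disabled, NoCache becomes the router's default policy
            self.phase, self.caching_strategy = "Severe", "NoCache"
        return self.phase


def run_trace(controller: CachePrivacyController, trace):
    """Feed (face, rtt_ms, hit_ratio) observations; return the phase after each round."""
    return [controller.step(face, rtt, hr) for face, rtt, hr in trace]


if __name__ == "__main__":
    # Constructed trace: face 2 probes cached content for 13 rounds (6.5 s), then stops.
    ctrl = CachePrivacyController(Thresholds(rtt=10.0, cache_hit_ratio=0.8))
    probing = [(2, 2.0, 0.95)] * 13 + [(2, 45.0, 0.3)]
    for i, (face, rtt, hr) in enumerate(probing):
        phase = ctrl.step(face, rtt, hr)
        print(f"t={i * DETECT_INTERVAL:4.1f}s phase={phase:8s} strategy={ctrl.caching_strategy}")
```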
5. Limits of Existing Attacks’ Detection and Mitigation Techniques
5.1. Limits of Cache Pollution Attack Mitigation Mechanisms
- Heavy exhaustion of router resources such as bandwidth and caching space, because many data packets need to be cached before the probability of an attack can be decided.
- A high false-positive rate leads the mechanism to allow content demanded by the malicious node to be cached, consuming the storage required by legitimate nodes.
5.2. Limits of Interest Flooding Attack Mitigation Mechanisms
5.3. Limits of Cache Poisoning Attack Mitigation Mechanisms
5.4. Limits of Cache Privacy Attack Mitigation Mechanisms
6. NDN Security Open Research Issues
6.1. Open Research Issues for Cache Pollution Attacks
- More efficient and accurate metrics need to be chosen in order to avoid the high false positive alarms.
- NDN router resources need to be taken into consideration, such as CPU usage and Content space usage in order to build appropriate detection and mitigation mechanisms.
- The mechanisms that rely on datasets, supervised learning techniques and offline simulations need to consider a real wider topology in order to be accurate in defining the exact detection values and the qualified thresholds.
- The mitigation mechanisms need to take the right action according to the performance of NDN network status.
- The right feature selection needs to be used in the detection mechanisms that are based on the Neural Network Approaches.
6.2. Open Research Issues for Interest Flooding Attacks
- Static data as well as the dynamic requested data need to be taken into consideration in order to design the appropriate mitigation mechanism.
- The phase of initialization can be critical in the identification of the attack, where the attack can be launched from the beginning of the simulation.
- The proposed mitigation technique must not inflict high damage on NDN routers in terms of resource consumption.
- Monitoring different NDN routers along the data transmission path is needed. In addition, the hop count field can help to detect which NDN router may be attacked, so the hop count field needs to be checked by the detection mechanism.
6.3. Open Research Issues for Cache Poisoning Attacks
- The attack can be realized by single/multiple malicious consumers or a combination of malicious consumers with malicious NDN routers. The mitigation mechanism needs to take all the attacking components into consideration.
- A distributed detection system needs to be implemented in a large number of nodes in order to obtain the appropriate decision.
- The appropriate metrics related to the CS cache need to be taken into consideration.
- The detection based on the prefix variation should be able to differentiate the architecture of various prefix patterns.
6.4. Open Research Issues for Cache Privacy Attacks
- Adding different fields can be critical in designing the mitigation mechanism, since identifying the consumers elsewhere can conflict with NDN privacy preservation.
- The detection mechanisms that are based on adding an extra delay to the attacking requests need to take into consideration the dynamic delay of requesting malicious content, which means that the predefined threshold needs to be accurate.
- The limited resources of NDN routers need to be managed and taken into consideration.
- A communication mechanism between the different nodes needs to be designed in order to protect the neighbor NDN routers as soon as any of the routers detects the attack, such as with an announcement in every predefined time step.
- Boosting techniques in detecting the attack based on Neural Networks need to be used, similar to the case of [92].
7. Conclusions
Author Contributions
Funding
Data Availability Statement
Conflicts of Interest
Abbreviations
PIT | Pending Interest Table |
CS | Content Store |
FIB | Forwarding Information Base |
CPA | Cache Pollution Attack |
IFA | Interest Flooding Attack |
CDN | Content Delivery Network |
P2P | Peer-to-Peer |
DDB | Distributed Database |
LRU | Least Recently Used |
LFU | Least Frequently Used |
FLA | False Locality Attack |
LDA | Locality disruption attack |
CHR | Cache Hit Ratio |
ARD | Average Retrieval Delay |
HDR | Hit Damage Ratio |
BIFA | Basic Interest Flooding Attack |
CIFA | Collusive Interest Flooding Attack |
SCAN | Smart Collaborative Attack in NDN |
TBA | Timing-Based Attack |
ODA | Object Discovery Attack |
DFCA | Data Flow Cloning Attack |
CSCA | Cache Side Channel Attack |
NDN-RTT | NDN Round Trip Time |
NTA | NDN Traffic Analysis Attack |
CPMH | Cache Protection Method based on prefix Hierarchy |
RVP | Request rate Variation for each Prefix |
CV | Coefficient of Variation |
ICAN | Intrusion detection system for CPA attack in NDN |
ANFIS | Adaptive Neuro-Fuzzy Inference System |
EWMA | Exponentially Weighted Moving Average |
CUSUM | Cumulative Sum |
HNIMFA | Heterogeneous N-Intertwined Mean Field Approximation |
SIS | Susceptible-Infected-Susceptible |
SVM | Support Vector Machine |
JS | Jensen-Shannon |
SDN | Software Defined Networking |
References
- Bhowmik, S. Cloud Computing; Cambridge University Press: Cambridge, UK, 2017. [Google Scholar] [CrossRef]
- Barkai, D. Technologies for sharing and collaborating on the Net. In Proceedings of the First International Conference on Peer-to-Peer Computing, Linköping, Sweden, 27–29 August 2001. [Google Scholar] [CrossRef]
- Velmurugan, L.; Manoharan, S. Designing Factors of Distributed Database System: A Review. Data Min. Knowl. Eng. 2020, 12, 7–10. [Google Scholar]
- Cheriton, D.; Gritter, M. TRIAD: A New Next-Generation Internet Architecture. Available online: http://www-dsg.stanford.edu/triad/ (accessed on 1 December 2022).
- Koponen, T.; Chawla, M.; Chun, B.-G.; Ermolinskiy, A.; Kim, K.H.; Shenker, S.; Stoica, I. A data-oriented (and beyond) network architecture. SIGCOMM Comput. Commun. Rev. 2007, 37, 181–192. [Google Scholar] [CrossRef]
- Trossen, D. Pursuit Project. Available online: http://www.fp7-pursuit.eu/PursuitWeb/ (accessed on 1 December 2022).
- Jacobson, V.; Smetters, D.K.; Thornton, J.D.; Plass, M.; Briggs, N.; Braynard, R. Networking named content. Commun. ACM 2012, 55, 117–124. [Google Scholar] [CrossRef]
- Zhang, L.; Estrin, D.; Burke, J.; Jacobson, V.; Thornton, J.D.; Smetters, D.K.; Papadopoulos, C. Named Data Networking (NDN) Project; Relatório Técnico NDN-0001; Xerox Palo Alto Research Center-PARC: Palo Alto, CA, USA, 2010; Volume 157, p. 158. [Google Scholar]
- Tourani, R.; Misra, S.; Mick, T.; Panwar, G. Security, Privacy, and Access Control in Information-Centric Networking: A Survey. IEEE Commun. Surv. Tutor. 2017, 20, 566–600. [Google Scholar] [CrossRef]
- Kumar, N.; Singh, A.K.; Aleem, A.; Srivastava, S. Security Attacks in Named Data Networking: A Review and Research Directions. J. Comput. Sci. Technol. 2019, 34, 1319–1350. [Google Scholar] [CrossRef]
- Im, H.; Kim, D. An Overview of Content Poisoning in NDN: Attacks, Countermeasures, and Direction. KSII Trans. Internet Inf. Syst. 2020, 14, 2904–2918. [Google Scholar] [CrossRef]
- Arulkumaran, G.; Rajalakshmi, N.R. Named Data Networking (NDN), Internet Architecture Design and Security Attacks. Int. J. Innov. Technol. Explor. Eng. 2019, 8, 1281–1284. [Google Scholar] [CrossRef]
- Benmoussa, A.; Kerrache, C.A.; Lagraa, N.; Mastorakis, S.; Lakas, A.; Tahari, A.E.K. Interest Flooding Attacks in Named Data Networking: Survey of Existing Solutions, Open Issues, Requirements and Future Directions. ACM Comput. Surv. 2022. [Google Scholar] [CrossRef]
- Lee, R.-T.; Leau, Y.-B.; Park, Y.J.; Anbar, M. A Survey of Interest Flooding Attack in Named-Data Networking: Taxonomy, Performance and Future Research Challenges. IETE Tech. Rev. 2021, 1–19. [Google Scholar] [CrossRef]
- Shah, M.S.M.; Leau, Y.-B.; Yan, Z.; Anbar, M. Hierarchical Naming Scheme in Named Data Networking for Internet of Things: A Review and Future Security Challenges. IEEE Access 2022, 10, 19958–19970. [Google Scholar] [CrossRef]
- Jeet, R.; Kumar, P.A.R. A survey on interest packet flooding attacks and its countermeasures in named data networking. Int. J. Inf. Secur. 2022, 21, 1163–1187. [Google Scholar] [CrossRef]
- Ali, Z.; Shah, M.A.; Almogren, A.; Din, I.U.; Maple, C.; Khattak, H.A. Named Data Networking for Efficient IoT-based Disaster Management in a Smart Campus. Sustainability 2020, 12, 3088. [Google Scholar] [CrossRef]
- Khan, O.A.; Shah, M.A.; Din, I.U.; Kim, B.-S.; Khattak, H.A.; Rodrigues, J.J.P.C.; Farman, H.; Jan, B. Leveraging Named Data Networking for Fragmented Networks in Smart Metropolitan Cities. IEEE Access 2018, 6, 75899–75911. [Google Scholar] [CrossRef]
- Quevedo, J.; Corujo, D. Selective Content Retrieval in Information-Centric Networking. Sensors 2022, 22, 8742. [Google Scholar] [CrossRef]
- Karim, F.A.; Aman, A.H.M.; Hassan, R.; Nisar, K.; Uddin, M. Named Data Networking: A Survey on Routing Strategies. IEEE Access 2022, 10, 90254–90270. [Google Scholar] [CrossRef]
- Mejri, S.; Touati, H.; Malouch, N.; Kamoun, F. Hop-by-Hop Congestion Control for Named Data Networks. In Proceedings of the 2017 IEEE/ACS 14th International Conference on Computer Systems and Applications (AICCSA), Hammamet, Tunisia, 30 October–3 November 2017; pp. 114–119. [Google Scholar] [CrossRef]
- Mejri, S.; Touati, H.; Kamoun, F. Hop-by-hop interest rate notification and adjustment in named data networks. In Proceedings of the 2018 IEEE Wireless Communications and Networking Conference (WCNC), Barcelona, Spain, 15–18 April 2018; pp. 1–6. [Google Scholar] [CrossRef]
- Wang, K.; Guo, D.; Quan, W. Analyzing NDN NACK on Interest Flooding Attack via SIS Epidemic Model. IEEE Syst. J. 2019, 14, 1862–1873. [Google Scholar] [CrossRef]
- Nguyen, T.; Mai, H.-L.; Cogranne, R.; Doyen, G.; Mallouli, W.; Nguyen, L.; El Aoun, M.; De Oca, E.M.; Festor, O. Reliable Detection of Interest Flooding Attack in Real Deployment of Named Data Networking. IEEE Trans. Inf. Forensics Secur. 2019, 14, 2470–2485. [Google Scholar] [CrossRef]
- da Silva, E.T.; de Macedo, J.M.H.; Costa, A.L.D. NDN Content Store and Caching Policies: Performance Evaluation. Computers 2022, 11, 37. [Google Scholar] [CrossRef]
- Chatterjee, T.; Ruj, S.; Das Bit, S. Security Issues in Named Data Networks. Computer 2018, 51, 66–75. [Google Scholar] [CrossRef]
- Zhang, Z.; Wong, S.Y.; Shi, J.; Pesavento, D.; Afanasyev, A.; Zhang, L. On Certificate Management in Named Data Networking. arXiv 2020, arXiv:2009.09339. [Google Scholar]
- Bouk, S.H.; Ahmed, S.H.; Hussain, R.; Eun, Y. Named Data Networking’s Intrinsic Cyber-Resilience for Vehicular CPS. IEEE Access 2018, 6, 60570–60585. [Google Scholar] [CrossRef]
- Gasti, P.; Tsudik, G.; Uzun, E.; Zhang, L. DoS and DDoS in Named Data Networking. In Proceedings of the 2013 22nd International Conference on Computer Communication and Networks (ICCCN), Nassau, Bahamas, 30 July–2 August 2013; pp. 1–7. [Google Scholar] [CrossRef]
- Al-Musawi, B.; Branch, P.; Armitage, G. BGP Anomaly Detection Techniques: A Survey. IEEE Commun. Surv. Tutor. 2017, 19, 377–396. [Google Scholar] [CrossRef]
- Deng, L.; Gao, Y.; Chen, Y.; Kuzmanovic, A. Pollution attacks and defenses for Internet caching systems. Comput. Netw. 2008, 52, 935–956. [Google Scholar] [CrossRef]
- Hidouri, A.; Hadded, M.; Hajlaoui, N.; Touati, H.; Muhlethaler, P. Cache pollution attacks in the NDN architecture: Impact and analysis. In Proceedings of the 2021 International Conference on Software, Telecommunications and Computer Networks (SoftCOM), Split, Croatia, 23–25 September 2021. [Google Scholar] [CrossRef]
- Buragohain, M.; Nandi, S. Demystifying security on NDN: A survey of existing attacks and open research challenges. In The “Essence” of Network Security: An End-to-End Panorama; Springer: Singapore, 2020; pp. 241–261. [Google Scholar] [CrossRef]
- Al-Share, R.A.; Shatnawi, A.S.; Al-Duwairi, B. Detecting and Mitigating Collusive Interest Flooding Attacks in Named Data Networking. IEEE Access 2022, 10, 65996–66017. [Google Scholar] [CrossRef]
- Wu, Z.; Feng, W.; Lei, J.; Yue, M. I-CIFA: An improved collusive interest flooding attack in named data networking. J. Inf. Secur. Appl. 2021, 61, 102912. [Google Scholar] [CrossRef]
- Buragohain, M.; Kathar, C.J.; Kachari, C.; Nandi, S.K.; Nandi, S. SCAN: Smart Collaborative Attack in Named Data Networking. In Proceedings of the 2020 IEEE 45th Conference on Local Computer Networks (LCN), Sydney, Australia, 16–19 November 2020; pp. 124–133. [Google Scholar] [CrossRef]
- Lauinger, T.; Laoutaris, N.; Rodriguez, P.; Strufe, T.; Biersack, E.; Kirda, E. Privacy Implications of Ubiquitous Caching in Named Data Networking Architectures; Technical Report; Northeastern University: Boston, MA, USA, 2012. [Google Scholar]
- Dogruluk, E.; Costa, A.; Macedo, J. Identifying previously requested content by side-channel timing attack in NDN. In Communications in Computer and Information Science; Springer: Berlin/Heidelberg, Germany, 2018; pp. 33–46. [Google Scholar] [CrossRef]
- Compagno, A.; Conti, M.; Losiouk, E.; Tsudik, G.; Valle, S. A proactive cache privacy attack on NDN. In Proceedings of the NOMS 2020—2020 IEEE/IFIP Network Operations and Management Symposium, Budapest, Hungary, 20–24 April 2020. [Google Scholar] [CrossRef]
- Xie, M.; Widjaja, I.; Wang, H. Enhancing cache robustness for content-centric networking. In Proceedings of the 2012 Proceedings IEEE INFOCOM, Orlando, FL, USA, 25–30 March 2012. [Google Scholar] [CrossRef]
- Guo, H.; Wang, X.; Chang, K.; Tian, Y. Exploiting path diversity for thwarting pollution attacks in named data networking. IEEE Trans. Inf. Forensics Secur. 2016, 11, 2077–2090. [Google Scholar] [CrossRef]
- Kamimoto, T.; Mori, K.; Umeda, S.; Ohata, Y.; Shigeno, H. Cache protection method based on prefix hierarchy for content-oriented network. In Proceedings of the 2016 13th IEEE Annual Consumer Communications Networking Conference (CCNC), Las Vegas, NV, USA, 9–12 January 2016. [Google Scholar] [CrossRef]
- Zhang, G.; Liu, J.; Chang, X.; Chen, Z. Combining Popularity and Locality to Enhance In-Network Caching Performance and Mitigate Pollution Attacks in Content-Centric Networking. IEEE Access 2017, 5, 19012–19022. [Google Scholar] [CrossRef]
- Yao, L.; Fan, Z.; Deng, J.; Fan, X.; Wu, G. Detection and defense of cache pollution attacks using clustering in named data networks. IEEE Trans. Dependable Secur. Comput. 2020, 17, 1310–1321. [Google Scholar] [CrossRef]
- Hidouri, A.; Touati, H.; Hadded, M.; Hajlaoui, N.; Muhlethaler, P. A detection mechanism for cache pollution attack in named data network architecture. In Advanced Information Networking and Applications; Springer: Berlin/Heidelberg, Germany, 2022; pp. 435–446. [Google Scholar] [CrossRef]
- Park, H.; Widjaja, I.; Lee, H. Detection of cache pollution attacks using randomness checks. In Proceedings of the 2012 IEEE International Conference on Communications (ICC), Ottawa, ON, Canada, 10–15 June 2012. [Google Scholar] [CrossRef]
- Karami, A.; Guerrero-Zapata, M. An ANFIS-based cache replacement method for mitigating cache pollution attacks in Named Data Networking. Comput. Netw. 2015, 80, 51–65. [Google Scholar] [CrossRef]
- Kumar, N.; Srivastava, S. IBPC: An Approach for Mitigation of Cache Pollution Attack in NDN using Interface-Based Popularity; Research Square Platform LLC: Durham, NC, USA, 2021. [Google Scholar] [CrossRef]
- Lei, K.; Fang, J.; Zhang, Q.; Lou, J.; Du, M.; Huang, J.; Wang, J.; Xu, K. Blockchain-Based cache poisoning security protection and privacy-aware access control in NDN vehicular edge computing networks. J. Grid Comput. 2020, 18, 593–613. [Google Scholar] [CrossRef]
- Gupta, A.; Nahar, P. Detection of Cache Pollution Attacks in a Secure Information-Centric Network. In Data Analytics and Management; Khanna, A., Gupta, D., Pólkowski, Z., Bhattacharyya, S., Castillo, O., Eds.; Lecture Notes on Data Engineering and Communications Technologies; Springer: Singapore, 2021; Volume 54. [Google Scholar] [CrossRef]
- Nasserala, A.; Bastos, I.V.; Monteiro Moraes, I. Cache nFace: A simple countermeasure for the producer-consumer collusion attack in Named Data Networking. Ann. Telecommun. 2019, 74, 125–137. [Google Scholar] [CrossRef]
- Zhou, J.; Luo, J.; Deng, L.; Wang, J. Cache Pollution Prevention Mechanism Based on Cache Partition in V-NDN. In Proceedings of the 2020 IEEE/CIC International Conference on Communications in China (ICCC), Chongqing, China, 9–11 August 2020; pp. 330–335. [Google Scholar] [CrossRef]
- Li, B.; Ma, M. An Advanced Hierarchical Identity-Based Security Mechanism by Blockchain in Named Data Networking. J. Netw. Syst. Manag. 2023, 31, 13. [Google Scholar] [CrossRef]
- Dai, H.; Wang, Y.; Fan, J.; Liu, B. Mitigate DDoS attacks in NDN by interest traceback. In Proceedings of the 2013 IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS), Turin, Italy, 14–19 April 2013. [Google Scholar] [CrossRef]
- Compagno, A.; Conti, M.; Gasti, P.; Tsudik, G. Poseidon: Mitigating interest flooding DDoS attacks in Named Data Networking. In Proceedings of the 38th Annual IEEE Conference on Local Computer Networks, Sydney, Australia, 21–24 October 2013. [Google Scholar] [CrossRef]
- Karami, A.; Guerrero-Zapata, M. A hybrid multiobjective RBF-PSO method for mitigating DoS attacks in Named Data Networking. Neurocomputing 2015, 151, 1262–1282. [Google Scholar] [CrossRef]
- Zhi, T.; Liu, Y.; Wang, J.; Zhang, H. Resist Interest Flooding Attacks via Entropy–SVM and Jensen–Shannon Divergence in Information-Centric Networking. IEEE Syst. J. 2020, 14, 1776–1787. [Google Scholar] [CrossRef]
- Benmoussa, A.; Tahari, A.E.K.; Kerrache, C.A.; Lagraa, N.; Lakas, A.; Hussain, R.; Ahmad, F. MSIDN: Mitigation of Sophisticated Interest flooding-based DDoS attacks in Named Data Networking. Future Gener. Comput. Syst. 2020, 107, 293–306. [Google Scholar] [CrossRef]
- Benarfa, A.; Hassan, M.; Losiouk, E.; Compagno, A.; Yagoubi, M.B.; Conti, M. ChoKIFA+: An early detection and mitigation approach against interest flooding attacks in NDN. Int. J. Inf. Secur. 2021, 20, 269–285. [Google Scholar] [CrossRef]
- Alhisnawi, M.; Ahmadi, M. Detecting and Mitigating DDoS Attack in Named Data Networking. J. Netw. Syst. Manag. 2020, 28, 1343–1365. [Google Scholar] [CrossRef]
- Wu, Z.; Feng, W.; Yue, M.; Xu, X.; Liu, L. Mitigation measures of collusive interest flooding attacks in named data networking. Comput. Secur. 2020, 97, 101971. [Google Scholar] [CrossRef]
- Liu, L.; Feng, W.; Wu, Z.; Yue, M.; Zhang, R. The Detection Method of Collusive Interest Flooding Attacks Based on Prediction Error in NDN. IEEE Access 2020, 8, 128005–128017. [Google Scholar] [CrossRef]
- Xing, G.; Chen, J.; Hou, R.; Zhou, L.; Dong, M.; Zeng, D.; Luo, J.; Ma, M. Isolation Forest-Based Mechanism to Defend against Interest Flooding Attacks in Named Data Networking. IEEE Commun. Mag. 2021, 59, 98–103. [Google Scholar] [CrossRef]
- Zhang, X.; Li, R.; Hou, W. Attention-Based LSTM model for IFA detection in named data networking. Secur. Commun. Netw. 2022, 2022, 1812273. [Google Scholar] [CrossRef]
- Wu, Z.; Peng, S.; Liu, L.; Yue, M. Detection of Improved Collusive Interest Flooding Attacks Using BO-GBM Fusion Algorithm in NDN. IEEE Trans. Netw. Sci. Eng. 2022. [Google Scholar] [CrossRef]
- Kim, D.; Nam, S.; Bi, J.; Yeom, I. Efficient content verification in named data networking. In Proceedings of the 2nd ACM Conference on Information-Centric Networking, San Francisco, CA, USA, 30 September–2 October 2015. [Google Scholar] [CrossRef]
- Ghali, C.; Tsudik, G.; Uzun, E. Needle in a Haystack: Mitigating content poisoning in named-data networking. In Proceedings of the 2014 Workshop on Security of Emerging Networking Technologies, San Diego, CA, USA, 23–26 February 2014. [Google Scholar] [CrossRef]
- Rezaeifar, Z.; Wang, J.; Oh, H. A trust-based method for mitigating cache poisoning in Name Data Networking. J. Netw. Comput. Appl. 2018, 104, 117–132. [Google Scholar] [CrossRef]
- Konorski, J. Mitigating Time-Constrained Stolen-Credentials Content Poisoning in an NDN Setting. In Proceedings of the 2019 29th International Telecommunication Networks and Applications Conference (ITNAC), Auckland, New Zealand, 27–29 November 2019; pp. 1–7. [Google Scholar] [CrossRef]
- Saha, B.K.; Misra, S. Mitigating NDN-Based Fake Content Dissemination in Opportunistic Mobile Networks. IEEE Trans. Mob. Comput. 2020, 19, 1375–1386. [Google Scholar] [CrossRef]
- Baranski, S.; Konorski, J. Mitigation of Fake Data Content Poisoning Attacks in NDN via Blockchain. In Proceedings of the 2020 30th International Telecommunication Networks and Applications Conference (ITNAC), Melbourne, Australia, 25–27 November 2020; pp. 1–6. [Google Scholar] [CrossRef]
- Singh, V.P.; Ujjwal, R.L. NDN Content Poisoning Attack Mitigation Using Fuzzy-Reputation Based Trust. In Innovations in Cyber Physical Systems; Singh, J., Kumar, S., Choudhury, U., Eds.; Lecture Notes in Electrical Engineering; Springer: Singapore, 2021; Volume 788.
- Hussain, S.; Ullah, S.S.; Gumaei, A.; Al-Rakhami, M.; Ahmad, I.; Arif, S.M. A Novel Efficient Certificateless Signature Scheme for the Prevention of Content Poisoning Attack in Named Data Networking-Based Internet of Things. IEEE Access 2021, 9, 40198–40215.
- Feng, M.; Li, R.; Hu, Y.; Yu, M. A Caching Strategy Based on Content Popularity Level for NDN. In Advances in Artificial Intelligence and Security. ICAIS 2021; Sun, X., Zhang, X., Xia, Z., Bertino, E., Eds.; Communications in Computer and Information Science; Springer: Cham, Germany, 2021; Volume 1424.
- Qureshi, A.M.; Anjum, N.; Rais, R.N.B.; Ur-Rehman, M.; Qayyum, A. Detection of malicious consumer interest packet with dynamic threshold values. PeerJ Comput. Sci. 2021, 7, e435.
- Hou, S.; Hu, Y.; Tian, L. Named data network dynamic cache placement strategy based on programmable data plane. IET Netw. 2022.
- Lauinger, T.; Laoutaris, N.; Rodriguez, P.; Strufe, T.; Biersack, E.; Kirda, E. Privacy risks in Named Data Networking: What is the cost of performance? ACM SIGCOMM Comput. Commun. Rev. 2012, 42, 54–57.
- Ntuli, N.; Han, S. Detecting router cache snooping in Named Data Networking. In Proceedings of the 2012 International Conference on ICT Convergence (ICTC), Jeju, Korea, 15–17 October 2012.
- Gao, M.; Zhu, X.; Su, Y. Protecting router cache privacy in named data networking. In Proceedings of the 2015 IEEE/CIC International Conference on Communications in China (ICCC), Shenzhen, China, 2–4 November 2015.
- Kumar, N.; Singh, A.K.; Srivastava, S. A triggered delay-based approach against cache privacy attack in NDN. Int. J. Netw. Distrib. Comput. 2018, 6, 174.
- Kumar, N.; Aleem, A.; Singh, A.K.; Srivastava, S. NBP: Namespace-based privacy to counter timing-based attack in named data networking. J. Netw. Comput. Appl. 2019, 144, 155–170.
- Singh, V.P.; Ujjwal, R.L. Privacy attack modeling and risk assessment method for name data networking. In Advances in Intelligent Systems and Computing; Springer: Singapore, 2019; pp. 109–119.
- Ko, K.T.; Hlaing, H.H.; Mambo, M. A PEKS-based NDN strategy for name privacy. Future Internet 2020, 12, 130.
- Dogruluk, E.; Gama, O.; Costa, A.D.; Macedo, J. Public key certificate privacy in VoNDN: Voice over named data networks. IEEE Access 2020, 8, 145803–145823.
- Ghasemi, C.; Yousefi, H.; Zhang, B. Internet-Scale video streaming over NDN. IEEE Netw. 2021, 35, 174–180.
- Xu, Z.; Khan, H.; Muresan, R. TMorph: A Traffic Morphing Framework to Test Network Defenses Against Adversarial Attacks. In Proceedings of the 2022 International Conference on Information Networking (ICOIN), Jeju-si, Republic of Korea, 12–15 January 2022.
- Dogruluk, E.; Macedo, J.; Costa, A. A countermeasure approach for brute-force timing attacks on cache privacy in named data networking architectures. Electronics 2022, 11, 1265.
- Kang, P.; Wenzhong, Y.; Ding, T. Blockchain document forwarding and proof method based on NDN network. IEEE Access 2022, 10, 75312–75322.
- Chen, Y.; Chen, H.; Zhang, Y.; Han, M.; Siddula, M.; Cai, Z. A survey on blockchain systems: Attacks, defenses, and privacy preservation. High-Confid. Comput. 2022, 2, 100048.
- NDN Packet Format Specification 0.1 Documentation. Available online: https://named-data.net/doc/NDN-packet-spec/0.1/ (accessed on 1 December 2022).
- NDN Packet Format Specification 0.3. Named-Data.Net. 2022. Available online: https://named-data.net/doc/NDN-packet-spec/current/ (accessed on 1 December 2022).
- Cao, B.; Li, C.; Song, Y.; Fan, X. Network Intrusion Detection Technology Based on Convolutional Neural Network and BiGRU. Comput. Intell. Neurosci. 2022, 2022, 1942847.
Cache Policy | Cache Policy Categories | Cache Policy Usage |
---|---|---|
Least Recently Used (LRU) | Recency-Caching-Based | +++ |
Least Frequently Used (LFU) | Frequency-Caching-Based | ++ |
First In First Out (FIFO) | Naive-Caching-Based | + |
Random | Randomness-Caching-Based | + |
Attack | The Attacker Entity | Target Security Goal | Target Entity |
---|---|---|---|
Cache Pollution | Consumer/producer | Availability | CS |
Cache Privacy | Consumer | Confidentiality | CS |
Cache Poisoning | Consumer/producer | Availability | CS |
Interest Flooding | Consumer | Availability | PIT |
Paper Reference | Year of Release | Type of Attack | Method |
---|---|---|---|
Dai et al. [54] | 2013 | BIFA | Probabilistic-Based |
Compagno et al. [55] | 2013 | BIFA | Probabilistic-Based |
Karami et al. [47] | 2015 | BIFA | Neural Network-Based |
Kai Wang et al. [23] | 2020 | BIFA and CIFA | SIS Epidemic Model-Based |
Ting Zhi et al. [57] | 2020 | BIFA | Entropy–SVM and Jensen–Shannon Divergence-Based |
Ahmed Benmoussa et al. [58] | 2020 | BIFA | Statistical-Based |
Mahmood Ahmadi [60] | 2020 | BIFA | Probabilistic-Based |
Zhijun Wu et al. [61] | 2020 | BIFA and CIFA | Statistical-Based |
Liang Liu et al. [62] | 2020 | CIFA | Prediction Error |
Abdelmadjid Benarfa et al. [59] | 2021 | BIFA | SDN-Based |
Guanglin Xing et al. [63] | 2021 | BIFA | Isolation Forest-Based |
Karami et al. [56] | 2022 | BIFA | Hybrid multi-objective RBF-PSO-Based |
Al-Share et al. [34] | 2022 | BIFA, SMART and CIFA | CUSUM-Based |
Xin Zhang et al. [64] | 2022 | BIFA and SMART | Attention-Based LSTM model-Based |
Zhijun Wu et al. [65] | 2022 | I-CIFA | BO-GBM Fusion Algorithm-Based |
Paper Reference | Year of Release | Affecting Component | Method |
---|---|---|---|
Gasti et al. [29] | 2013 | MConsumer | Self-certifying-Based |
Ghali et al. [67] | 2014 | MConsumer | Content Ranking-Based |
Kim et al. [66] | 2015 | MConsumer + MRouter | Light Self-certifying-Based |
Zeinab Rezaeifar et al. [68] | 2018 | MConsumer | Trust value-Based |
Jerzy Konorski [69] | 2019 | MConsumer | Markovian Finite State-Based |
Barun Kumar Saha et al. [70] | 2020 | MConsumer | Fake Content Dissemination-Based |
Stanislaw Baranski et al. [71] | 2020 | MConsumer + MRouter | Blockchain-Based |
Vishwa Pratap Singh et al. [72] | 2021 | MConsumer | Trust Value-Based |
Saddam Hussain et al. [73] | 2021 | MConsumer | Self Certification-Based |
Min Feng et al. [74] | 2021 | MConsumer | Content Popularity-Based |
Adnan Mahmood Qureshi et al. [75] | 2021 | MConsumer | Dynamic Threshold-Based |
Hou et al. [76] | 2022 | MConsumer | Programmable NDN Data Plane-Based |
Paper Reference | Year of Release | Type of Attack | Method |
---|---|---|---|
Lauinger et al. [77] | 2012 | TBA | Disabling Packet Fields-Based |
Gao et al. [79] | 2015 | TBA | Pattern-Based |
Ntuli et al. [78] | 2018 | TBA | Delay-Based |
Naveen Kumar et al. [81] | 2019 | CSCA | NBP-Based |
Ertugrul Dogruluk et al. [38] | 2020 | CSCA | Statistical-Based |
Naveen Kumar et al. [80] | 2018 | CSCA | Triggered Delay-Based |
Vishwa Pratap Singh et al. [82] | 2019 | CSCA | Attack Tree-Based |
Kyi Thar Ko et al. [83] | 2020 | CSCA | PEKS-Based |
Ertugrul Dogruluk et al. [84] | 2020 | CSCA | DaD-Based |
Alberto Compagno et al. [39] | 2020 | NTA | Delay, Pattern and Traffic Morphing-Based |
Ertugrul Dogruluk et al. [87] | 2022 | CSCA | Enhanced-DaD-Based |
Peng Kang et al. [88] | 2022 | CSCA | Blockchain-Based |
Attack | Ref | Limitations flagged (among: Compromisable, Identity Leakage, Bandwidth Usage, Space Storage, CPU Overload, Accuracy, Topology, Complexity, False Positive) |
---|---|---|
CPA | [14] | √ √ √ √ |
CPA | [9] | √ |
CPA | [15] | √ √ √ √ |
CPA | [34] | √ √ |
CPA | [55] | √ √ √ √ √ |
CPA | [50] | √ √ √ |
CPA | [51] | √ √ √ |
CPA | [52] | √ √ √ √ √ |
CPA | [53] | √ √ √ √ |
Attack | Ref | Limitations flagged (among: Compromisable, Identity Leakage, Bandwidth Usage, Space Storage, CPU Overload, Accuracy, Topology, Complexity, False Positive) |
---|---|---|
Interest Flooding Attack (IFA) | [63] | √ √ |
IFA | [65] | √ √ √ √ √ |
IFA | [34] | √ √ |
IFA | [23] | √ √ √ |
IFA | [57] | √ √ |
IFA | [58] | √ √ |
IFA | [59] | √ √ √ |
IFA | [60] | √ √ √ |
IFA | [61] | √ √ √ |
IFA | [62] | √ √ |
IFA | [63] | √ √ √ √ √ |
IFA | [64] | √ √ |
IFA | [65] | √ √ |
Publisher’s Note: MDPI stays neutral with regard to jurisdictional claims in published maps and institutional affiliations.
© 2022 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).
Hidouri, A.; Hajlaoui, N.; Touati, H.; Hadded, M.; Muhlethaler, P. A Survey on Security Attacks and Intrusion Detection Mechanisms in Named Data Networking. Computers 2022, 11, 186. https://doi.org/10.3390/computers11120186