Abstract
To address the resource waste and service security problems caused by the Interest Flooding Attack (IFA) in Named Data Networking (NDN), this paper proposes a node-based detection and defense mechanism for distributed low-rate attacks, built on the characteristics of NDN network traffic when an IFA occurs, and deploys it at the network's central nodes, which are likely to be the most affected by the attack. First, an anomaly detection trigger mechanism is designed to reduce the resource waste caused by traditional periodic detection. Second, the attack detection part selects important feature attributes, calculates information entropy, and uses a model trained with the K-means clustering algorithm to detect abnormal points, which avoids lag in attack detection. Finally, a probability substitution method and a "mitigation-blocking" approach are used to defend against the IFA: the mechanism accurately identifies and deletes malicious interest requests, quickly restores the service function of the attacked node, and blocks subsequent IFA attacks at the source.
Authors
赵雪峰
王兴伟
易波
黄敏
Zhao Xuefeng; Wang Xingwei; Yi Bo; Huang Min (College of Computer Science and Engineering, Northeastern University, Shenyang, Liaoning 110169; College of Information Science and Engineering, Northeastern University, Shenyang, Liaoning 110819)
Source
Cyberspace Security (《网络空间安全》)
2019, Issue 9, pp. 33-44 (12 pages)
Funding
National Natural Science Foundation of China (Grant Nos. 61872073, 61572123)
Liaoning Province University Innovation Team Support Program (Grant No. LT2016007).
Keywords
named data network
interest flooding attack
information entropy
K-means clustering