面向NDN的网络攻击检测技术分析

Analysis of Network Attack Detection Technology Oriented to NDN

随着网络的发展,传输控制协议/网际协议(Transmission Control Protocol/Internet Protocol,TCP/IP)架构已经不能适应现实的通信需求,存在诸多弊端。命名数据网络(Named Data Network,NDN)在内容分发、移动性支持以及内生安全等方面具有独特优势,成为未来网络架构方案中极具代表性的一种。NDN网络避免了IP架构中的一系列问题,但也带来了新的安全隐患,如兴趣包泛洪攻击、缓存污染攻击等。针对主流攻击方式的特点,从攻击检测角度出发,剖析现有方案,总结不同检测方案采用的策略类型及其各自的优缺点,并展望其发展前景。

With the development of the network,the TCP/IP architecture can no longer adapt to the actual communication needs,and there are many drawbacks.NDN(Named Data Network)has unique advantages in content distribution,mobility support,endogenous security,etc.,making it a very representative one of the future network architecture solutions.The NDN network avoids a series of problems in the IP architecture,but it is also accompanied by new security risks,such as interest packet flooding attacks and cache pollution attacks.Aiming at the characteristics of mainstream attack methods,this paper analyzes the existing schemes from the perspective of attack detection,summarizes the types of strategies adopted by different detection schemes and their respective advantages and disadvantages,and looks forward to the future development prospects.