Abstract
Information Centric Networking (ICN) is a new communication paradigm for the future Internet that focuses on contents rather than infrastructures or end-points. Distributed Denial of Service (DDoS) attacks that may occur in many scenarios in an ICN, can overwhelm ICN routing and caching resources. In this paper, we focus on routing related DDoS attacks from both publisher and subscriber points of view and how they impact ICNs. We then propose a generic solution independent of a specific ICN architecture. This solution is based on a number of countermeasures: request satisfaction ratio, request rate limit, rating for contents and publishers, and test message. We present the implementation results, which show that the solution mitigates the routing related DDoS attacks and efficiently enhances the ICN performance in the existence of these attacks.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Cisco visual networking index: forecast and methodology, 2012–2017 (2013)
Pan, J., Paul, S., Jain, R.: A survey of the research on future internet architectures. IEEE Commun. Mag. 49(7), 26–36 (2011)
Bari, M.F., Chowdhury, S.R., Ahmed, R., Boutaba, R., Mathieu, B.: A survey of naming and routing in information-centric networks. IEEE Commun. Mag. 49(12), 44–53 (2012)
Afanasyev, A., Moiseenko, I., Zhang, L.: ndnsim: NDN simulator for NS-3, Technical Report, University of California, Los Angeles (2012)
Compagno, A., Conti, M., Gasti, P., Tsudik, G.: Poseidon: Mitigating interest flooding DDoS attacks in named data networking, arXiv preprint:1303.4823 (2013)
Afanasyev, A., Mahadevany, P., Moiseenko, I., Uzuny, E., Zhang, L.: Interest flooding attack and countermeasures in named data networking. In: Proceedings of IFIP Networking, Brooklyn, New York, USA (2013)
Fotiou, N., Marias, G., F., Polyzos, G., C.: Fighting spam in publish/subscribe networks using information ranking. In: 6th EURO-NF Conference on Next Generation Internet (NGI), pp. 1–6, Paris (2010)
Gasti, P., Tsudik, G., Uzun, E., Zhang, L.: DoS and DDoS in named data networking. In: Proceedings of the 22nd International Conference on Computing Communications and Networks. IEEE (2013)
Zargar, S., Joshi, J., Tipper, D.: A survey of defense mechanisms against distributed denial of service (DDoS) flooding attacks. IEEE Commun. Surv. Tutorials 15(4), 2046–2069 (2013)
You, Y., Zulkernine, M., Haque, A.: A Distributed defense framework for flooding-based DDoS attacks. In: Proceedings of the International Conference on Availability, Reliability and Security, pp. 245–252. IEEE CS Press, Barcelona, Spain (2008)
Keromytis, A., Misra, V., Rubenstein, D.: SOS: an architecture for mitigating DDoS attacks. IEEE J. Sel. Areas Commun. 22(1), 176–188 (2004)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2015 Institute for Computer Sciences, Social Informatics and Telecommunications Engineering
About this paper
Cite this paper
AbdAllah, E.G., Zulkernine, M., Hassanein, H.S. (2015). Countermeasures for Mitigating ICN Routing Related DDoS Attacks. In: Tian, J., Jing, J., Srivatsa, M. (eds) International Conference on Security and Privacy in Communication Networks. SecureComm 2014. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 153. Springer, Cham. https://doi.org/10.1007/978-3-319-23802-9_9
Download citation
DOI: https://doi.org/10.1007/978-3-319-23802-9_9
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-23801-2
Online ISBN: 978-3-319-23802-9
eBook Packages: Computer ScienceComputer Science (R0)