Abstract
The prevalence of distributed denial of service (DDoS) attacks poses a significant challenge to the Internet and cloud environments, including emerging architectures like Named Data Networking (NDN). Among the threats faced by NDN, interest flooding attacks (IFAs) have emerged as a prominent issue. This study presents a novel method for detecting IFAs in NDN by analyzing data name prefix distribution in network traffic to determine the appropriate detection window size. IFAs involve adding a random suffix to a prefix in network traffic, leading to a barrage of interest packets that overwhelm the target without receiving responses. Building upon this observation, a new type of DoS attack called Collaborative Interest Flooding Attack (CIFA) has been identified, which evades existing detection and protection systems using a low-rate attack mode facilitated by collusive manufacturers. To address these challenges, a detection approach combining a rolling time window algorithm and attack detection methodology is proposed. This method evaluates the impact of CIFA attacks on network traffic and examines relevant properties of Pending Interest Table (PIT) entries. Furthermore, the analysis extends to the examination of prefixes in interest packets, providing comprehensive detection of interest flooding attacks. Additionally, the proposed approach effectively restricts the attacker’s port by leveraging the PIT routing character entry to discourage IFA attacks. Experimental results obtained from real-world and simulated scenarios demonstrate the efficacy of the proposed algorithms in detecting DoS attacks. Comparative analysis with existing state-of-the-art methodologies reveals that the proposed approach outperforms them in terms of accuracy, precision, F-Score, GMean, specificity, and sensitivity. By enhancing the detection and mitigation capabilities against interest flooding attacks, this research contributes to the ongoing efforts in securing NDN and future Internet architectures, enabling a more robust and resilient network infrastructure.
Similar content being viewed by others
Data availability
Data sharing not applicable to this article.
References
Gong M, Cai L, Hu J, Sun G (2022) Defense mechanism against interest flooding attacks in content-centric networking. IEEE Access 10:15298–15312
Wang H, Liu Y, Wang L, Ren K (2022) Detecting and mitigating interest flooding attacks in named data networking: a reinforcement learning approach. IEEE Trans Depend Secure Comput 19(1):199–213
Benmoussa A, Kerrache CA, Lagraa N, Mastorakis S, Lakas A, Tahari AEK (2022) Interest flooding attacks in named data networking: survey of existing solutions, open issues, requirements, and future directions. ACM Comput Surv 55(7):1–37
Chen Z, Zhang Y, Li L (2022) Interest flooding attack detection based on Bayesian networks in named data networking. J Netw Syst Manag 30(2):729–750
Liu Y, Liu S, Qian W (2022) D-FLOOD: a defense strategy for interest flooding attacks in named data networking. Comput Commun 186:72–82
Compagno A, Conti M, Gasti P, Tsudik G (2013) Poseidon: Mitigating interest flooding DDoS attacks in named data networking. In: 38th Annual IEEE Conference on Local Computer Networks, Sydney, pp 630–638. https://doi.org/10.1109/LCN.2013.6761300
Wu Z, Feng W, Yue M, Xu X, Liu L (2020) Mitigation measures of collusive interest flooding attacks in named data networking. Comput Secur 97:101971
Afanasyev A, Mahadevan P, Moiseenko I, Uzun E, Zhang L (2013) Interest flooding attack and countermeasures in named data networking. In: 2013 IFIP Networking Conference, Brooklyn, pp 1–9
**n Y, Li Y, Wang W, Li W, Chen X (2017) Detection of collusive interest flooding attacks in named data networking using wavelet analysis. In: MILCOM 2017 - 2017 IEEE Military Communications Conference (MILCOM), Baltimore, pp 557–562. https://doi.org/10.1109/MILCOM.2017.8170763
Pu C, Payne N, Brown J (2019) Self-adjusting share-based countermeasure to interest flooding attack in named data networking. In: 2019 International Conference on Internet of Things (iThings) and IEEE Green Computing and Communications (GreenCom) and IEEE Cyber, Physical and Social Computing (CPSCom) and IEEE Smart Data (SmartData), Atlanta, pp 142–147. https://doi.org/10.1109/iThings/GreenCom/CPSCom/SmartData.2019.00045
Dong J, Wang K, Quan W, Yin H (2020) InterestFence: simple but efficient way to counter interest flooding attack. Comput Secur 88. https://doi.org/10.1016/j.cose.2019.10162
Alsowail S, Sqalli MH, Abu-Amara M, Baig Z, Salah K (2016) An experimental evaluation of the EDoS-shield mitigation technique for securing the cloud. Arab J Sci Eng 41(12):5037–5047
Naresh Kumar M, Sujatha P, Kalva V, Nagori R, Katukojwala AK, Kumar M (2012) Mitigating economic denial of sustainability (EDoS) in cloud computing using in-cloud scrubber service. In: 2012 Fourth International Conference on Computational Intelligence and Communication Networks, Mathura, pp 535–539. https://doi.org/10.1109/CICN.2012.149
Mary IM, Kavitha P, Priyadharshini M, Ramana VS (2014) Secure cloud computing environment against DDoS and EDos attacks. Int J Comput Sci Inf Technol 5(2):1803–1808
Modi CN, Patel D (2013) A novel hybrid-network intrusion detection system (H-NIDS) in cloud computing. In: 2013 IEEE Symposium on Computational Intelligence in Cyber Security (CICS), Singapore, pp 23-30. https://doi.org/10.1109/CICYBS.2013.6597201
Hameed S, Ali U (2015) On the efficacy of live DDoS detection with Hadoop. Network Operations and Management
Javanmardi S, Shojafar M, Shariatmadari S, Abawajy JH, Singhal M (2014) PGSW-OS: a novel approach for resource management in a semantic web operating system based on a P2P grid architecture. J Supercomput 69(2):955–975
Li W, Wang Z, Yuan Y, Guo L (2016) Particle filtering with applications in networked systems: a survey. Complex Intell Syst 24:293–315
Qi L, Huang H, Li F, Malekian R, Wang R (2019) A novel shilling attack detection model based on particle filter and gravitation. China Commun 10:112–132
Aborujilah A, Musa S (2017) Cloud-based DDoS HTTP attack detection using covariance matrix approach, journal of computer networks and communications 2017: 8. Article ID 7674594, https://doi.org/10.1155/2017/7674594
Sreeram I, Vuppala VP (2019) HTTP flood attack detection in application layer using machine learning metrics and bio-inspired bat algorithm. Appl Comput Inf 15(1):59–66. ISSN 2210-8327. https://doi.org/10.1016/j.aci.2017.10.003
Liu L, Feng W, Wu Z, Yue M, Zhang R (2020) The detection method of collusive interest flooding attacks based on prediction error in NDN. IEEE Access 8:128005–128017. https://doi.org/10.1109/ACCESS.2020.3008723
Virupakshar KB, Asundi M, Channal K, Shettar P, Patil S, Narayan DG (2020) Distributed denial of service (DDoS) attacks detection system for OpenStack-based private cloud. Proced Comput Sci 167:2297–2307. ISSN 1877-0509. https://doi.org/10.1016/proceedings.2020.03.282
Barki L, Shidling A, Meti N, Narayan DG, Mulla MM (2016) Detection of distributed denial of service attacks in software-defined networks. Advances in computing, communications, and informatics (ICACCI). 2016 international conference on IEEE
Yan Q, Yu FR, Gong Q, Li J (2016) Software-defined networking (SDN) and distributed denial of service (DDoS) attacks in cloud computing environments: a survey, some research issues, and challenges. IEEE Commun Surv Tutorials 18(1):602–622. https://doi.org/10.1109/COMST.2015.2487361
Meti N, Narayan DG, Baligar VP (2017) Detection of distributed denial of service attacks using machine learning algorithms in software-defined networks. 2017 international conference on advances in computing, communications and informatics (ICACCI), Udupi 1366-1371
Guptha NS, Patil KK (2017) Earth mover’s distance-based CBIR using adaptive regularised kernel fuzzy C-means method of liver cirrhosis histopathological segmentation. Int J Signal Imaging Syst Eng 10(1–2):39–46
Guptha NS, Balamurugan V, Megharaj G, Sattar KNA, Rose JD (2022) Cross lingual handwritten character recognition using long short term memory network with aid of elephant herding optimization algorithm. Pattern Recognition Lett Elsevier J 159:16–22. https://doi.org/10.1016/j.patrec.2022.04.038
Praveena HD, Guptha NS, Kazemzadeh A, Parameshachari BD, Hemalatha KL (2022) Effective CBMIR system using hybrid features-based independent condensed nearest neighbour model. Hindawi J Healthc Eng 2022 |Article ID 3297316 |. https://doi.org/10.1155/2022/3297316
Author information
Authors and Affiliations
Contributions
All authors have equal contributions in this work.
Corresponding author
Ethics declarations
Conflict of interest
Authors declare that they have no conflict of interest.
Ethical approval
This article does not contain any studies with human participants or animals performed by any of the authors.
Consent to participate
All the authors involved have agreed to participate in this submitted article.
Consent to publish
All the authors involved in this manuscript give full consent for publication of this submitted article.
Additional information
Publisher’s note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Rights and permissions
Springer Nature or its licensor (e.g. a society or other partner) holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.
About this article
Cite this article
Mohiddin, S.K., Midhunchakkaravarthy, D. & Hussain, M.A. TSWA: a unique approach to overcome interest flooding attacks in the cloud using a combination of TSW and attack detection. Multimed Tools Appl 83, 32673–32713 (2024). https://doi.org/10.1007/s11042-023-16660-8
Received:
Revised:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s11042-023-16660-8