Accuracy or delay? A game in detecting interest flooding attacks

Abstract

Due to the continuous recording of forwarding states, Information-centric networking (ICN) introduces a new security threat named interest flooding attack. To mitigate this attack, most of the existing works focus on the detecting accuracy. However, we find another important factor that the detecting delay may result in long-term memory occupation. In this letter, aiming to balance the detecting accuracy and delay, we propose an m-list table-based attack detecting (mTBAD) solution to minimize the detecting delay while guaranteeing the accuracy. Particularly, mTBAD maintains an m-list table for malicious Interests entries by combining the disabling PIT exhaustion (DPE) and the negative acknowledgments (NACK). A lightweight monitor is equipped to issue m-NACK packets to inform the attacked router and update its m-list. Extensive simulations based on the GÉANT topology demonstrate that mTBAD reduces the detecting delay by 99.5% (from 280 to 1.2 milliseconds) compared with a state-of-the-art mechanism, at the expense of a very slight loss regarding the false negative rate and the false positive rate. It proves that mTBAD can guarantee the detecting accuracy as well as to prevent long-term memory occupation.