FROG: A packet hop count based DDoS countermeasure in NDN

Abstract

Named Data Networking (NDN) is a promising inter-networking paradigm that focus on content rather than hosts and their physical locations. In NDN Consumers issue Interests for Contents. Producers generate a content in response to each received interest and such content is routed back to the requesting consumer. When compared to IP, NDN brings advantages such as better throughput and lower latency, because routers are able to cache popular contents and satisfy interests for such contents locally. However, before being considered a viable approach, NDN should offer security services that are ideally better, but at least equivalent to current mechanisms in IP.In this regard, mechanisms to prevent DDoS are of paramount importance. In this work we propose FROG: a simple yet effective Interest Flooding Attack (IFA) detection and mitigation method. FROG runs on routers that are directly connected to NDN consumers and monitors packet hop counts. It then calculates mean and variance using stored hop counts to distinguish attackers from legitimate users. We use the NDN simulator ndnSIM to evaluate FROG's effectiveness. Our results show that FROG improves resilience against DDoS attacks. In particular, during an attack, legitimate users can still receive 75% of requested contents. Without FROG this number decreases to 50%.