Detecting and mitigating interest flooding attacks in content-centric network

Cited by: 24
Authors
Wang, Kai [1]
Zhou, Huachun [1]
Luo, Hongbin [1]
Guan, Jianfeng [2]
Qin, Yajuan [1]
Zhang, Hongke [1,2]
Affiliations
[1] Beijing Jiaotong Univ, Beijing 100044, Peoples R China
[2] Beijing Univ Posts & Telecommun, Beijing 100876, Peoples R China
Funding
Beijing Natural Science Foundation; National Natural Science Foundation of China;
Keywords
content-centric network; interest flooding attacks; DoS against content source; threshold; detection; mitigation; security;
DOI
10.1002/sec.770
Chinese Library Classification number
TP [Automation technology, computer technology];
Discipline classification code
0812;
Abstract
The original architecture of content-centric network (CCN) may suffer from interest flooding attacks. In this paper, we focus on one type of interest flooding attacks called denial of service against content source (DACS attack). To damage CCN, it floods a large number of malicious interests requesting content that does not exist, which guarantees that no cache hit can occur at routers until these malicious interests reach the target content source. Thus, it can directly exhaust the resource of the victim. To counter it, we propose a threshold-based detecting and mitigating (TDM) scheme. The basic idea is to detect DACS attack on the basis of the frequency that pending interest table items in CCN routers expire (recording this frequency by introducing two counters with their corresponding thresholds and one indicator for counter mode) and to mitigate it by implementing the rate limiter in each router. From the viewpoint of a CCN router, we analyze the performance of TDM in terms of detection ability and effect on mitigating malicious traffic. In addition, we briefly analyze the overhead of TDM. The results show that TDM achieves high detection ability and good effect on mitigating malicious traffic while bringing in small overhead on countering DACS attack. To the best of our knowledge, this is the first attempt to design a detailed scheme embedded with corresponding algorithms on countering this attack. Copyright (c) 2013 John Wiley & Sons, Ltd.
Pages: 685 / 699
Number of pages: 15