一种基于链路差异性的命名数据网络反污染攻击方法

发布时间：2018-03-11 00:33

本文选题：命名数据网络　切入点：缓存污染攻击　出处：《中国科学技术大学》2017年硕士论文　论文类型：学位论文

【摘要】：随着互联网的持续迅速发展,网络的内容信息呈现爆炸式增长的趋势,网络的核心目标不再是由主机与主机的连接通讯,信息内容逐渐成为了网络中主体。为了解决当前互联网面临的复杂性、安全性以及扩展性等问题,研究者提出了抛弃传统TCP/IP的革命式未来网络体系架构。信息中心网络(Information-centric Networking,ICN)被认为是一种能够较好满足用户对信息传递需求的新型网络体系结构。其中,命名数据网络(Named Data Networking,NDN)则是新兴的信息中心网络中备受瞩目的一个项目。不幸的是,命名数据网络其内部的缓存机制很容易遭受不同种类的攻击。本论文主要研究伪局部性污染攻击(false-locality pollution attack),采用该种攻击的攻击者会重复地请求流行度低的对象使得恶意对象占用命名数据网络中路由器有限的缓存资源,最终达到降低正常用户的命中率、影响用户体验的目的。本文首先对攻击者在命名数据网络中采用的攻击方式建立一个统一的数学模型并检测攻击的有效性。仿真实验表明,攻击者使用有限的资源发动的伪局部性攻击能够对命名数据网络造成巨大的危害。为了检测并降低该类型攻击的危害,本文提出了一种在互联网服务提供商(ISP)的入网点(point-of-presence,PoP)网络中利用兴趣报文(Interest)的传输链路差异性的反污染算法,并从理论上分析了提出的算法的合理性。同时,本文采用基于概率统计和布隆过滤器两个计算存储代价低的技术在命名数据网络中的路由器中实现该算法。实验结果表明,在不引起巨大开销的前提下,提出的算法对伪局部性缓存污染攻击具有显著防御效果。最后,本文针对攻击者采取的反检测策略进行研究,通过实验证明了这些反检测策略是无效的。
[Abstract]:With the continuous and rapid development of the Internet, the content information of the network is increasing explosively. The core goal of the network is no longer the connection between the host and the host. Information content has gradually become the main body in the network. In order to solve the complexity, security and expansibility of the current Internet, Researchers have proposed a revolutionary future network architecture that abandons traditional TCP/IP. Information-centric networking is considered to be a new type of network architecture that can better meet the needs of users for information delivery. Named Data networking is a high-profile project in the emerging network of information centers. Unfortunately, The internal cache mechanism of named data network is vulnerable to different kinds of attacks. This paper mainly studies false-locality pollution attack. the attacker who adopts this attack will repeatedly request objects with low popularity. Malicious objects take up the limited cache resources of routers in named data networks, Finally, the purpose of reducing the hit rate of normal users and affecting the user experience is achieved. Firstly, a unified mathematical model is established for the attack mode used by attackers in named data networks and the effectiveness of the attacks is detected. The simulation results show that, A pseudo-local attack launched by an attacker with limited resources can cause great harm to a named data network. In order to detect and reduce the damage of this type of attack, In this paper, we propose an anti-pollution algorithm which utilizes the differences of transmission links between interest packets and Interests in the point-of-presencePoP (PoP) network of ISP, and theoretically analyzes the rationality of the proposed algorithm. In this paper, the algorithm is implemented in routers in named data networks based on probabilistic statistics and Blunt filter. The experimental results show that the algorithm is not costly. The proposed algorithm has a significant defense effect against pseudo-local cache contamination attacks. Finally, the anti-detection strategies adopted by attackers are studied in this paper, and the experimental results show that these anti-detection strategies are ineffective.
【学位授予单位】：中国科学技术大学
【学位级别】：硕士
【学位授予年份】：2017
【分类号】：TP393.0

【相似文献】