Research on Countermeasures against Interest Flooding Attacks in Content-Centric Networking
Published: 2018-03-31 14:39
Topic: Content-Centric Networking. Focus: Interest flooding attack. Source: Beijing Jiaotong University, doctoral dissertation, 2014.
【Abstract】: With the rapid development of information technology and the continual emergence of new network applications, the Internet's communication model has gradually shifted from host-address-centric interconnection to content-centric information sharing, which has given rise to the Content-Centric Networking (CCN) architecture. CCN distributes and retrieves information directly by content name; the Interest and Data packets carried in the network contain no user location or identity information, which gives the architecture certain security advantages. Nevertheless, CCN remains exposed to some network attacks, notably the Interest flooding attack, which is easy to launch and highly damaging. This dissertation studies countermeasures for two types of Interest flooding attack: the mainstream Interest Flooding Attack with Fake Interests (IFA-F) and the less common Interest Flooding Attack with Real Interests (IFA-R). The main work and contributions are as follows:

1) A theoretical model for analysing the damage caused by IFA-F attacks. The Interest rejection probability is used to characterise the degree of damage an IFA-F attack inflicts on the network, and the Interest rejection probability under IFA-F is derived for a single router and for a small network topology. Based on this model, the dissertation analyses theoretically how key CCN parameters (content popularity distribution, router cache size, Pending Interest Table (PIT) size and PIT entry lifetime) affect the Interest rejection probability caused by IFA-F, and verifies the analysis by simulation. The model and the simulations show that an IFA-F attack markedly increases the Interest rejection probability and degrades network performance; that Interests for highly popular content are rejected with lower probability; and that enlarging the router cache or the PIT capacity, or shortening the PIT entry lifetime, all reduce the Interest rejection probability under IFA-F.

2) The first feasible IFA-F detection and mitigation scheme: a rate-limiting router countermeasure against malicious Interests. It exploits the fact that a CCN router's PIT records the state of every forwarded Interest. The router counts PIT entry timeouts per name prefix to identify the name prefixes carried by IFA-F Interests, then dynamically adjusts the admission rate of Interests under each malicious prefix, reducing the attack's drain on router memory. The performance evaluation shows that, by detecting the name prefixes of IFA-F Interests and throttling their admission rate, the router retains basic Interest forwarding capability while under IFA-F attack.

3) A cooperative countermeasure based on fuzzy logic and router cooperation, for fine-grained IFA-F detection and mitigation. Each router monitors its PIT occupancy ratio and PIT entry timeout ratio and combines the two with fuzzy logic to decide whether an IFA-F attack is present. Through a router cooperation mechanism, the router that detects the attack feeds an alert back to the network's access routers, which then block the malicious Interests at the edge. Simulations on a real network topology with a user behaviour model show that the cooperative countermeasure reduces the attack's consumption of router memory, raises the content retrieval success rate of legitimate Interests, and lowers content retrieval delay.

4) After analysing the security of the typical Interest forwarding strategies in CCN, the dissertation proposes the first secure Interest/Data forwarding strategy against IFA-F. It introduces a new Interest/Data forwarding mechanism based on packet marking that does not depend on the PIT, completely decoupling IFA-F Interests from the router's PIT and, at a small cost in network bandwidth, fundamentally cutting off their consumption of PIT memory. Simulations show that, compared with rate-limiting countermeasures, the secure forwarding strategy markedly reduces router memory consumption and strengthens CCN's resistance to IFA-F.

5) For the less common IFA-R attack, a dual-threshold IFA-R detection method. It infers a possible traffic anomaly from two thresholds evaluated per detection period: the number of PIT entries that have timed out, and the data traffic volume on each network interface. Simulations show that the method detects an IFA-R attack within a short time and correctly identifies the router interface, or the corresponding network link, through which the malicious Interests flow.
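The per-prefix rate-limiting countermeasure of contribution 2 can be illustrated with a small simulation. The Python below is an added example written for this page, not code from the dissertation: it models a router PIT with entry expiry, charges every timeout to the Interest's name prefix, and throttles prefixes whose timeout ratio exceeds a threshold with a token bucket whose rate shrinks as the ratio grows. All constants (PIT capacity, entry lifetime, rates, thresholds, the one-component prefix granularity) and the traffic mix (a legitimate client under /video whose Interests are answered within one RTT, a flooder under /fake whose Interests are never answered) are assumptions chosen for the demonstration, not values from the dissertation.

```python
"""Added example (not from the dissertation): a toy CCN router PIT with
per-prefix timeout accounting and rate-limited admission, the mechanism
behind the rate-limiting countermeasure against fake-Interest flooding.
All constants and the traffic mix below are assumptions for demonstration."""
import random
from collections import defaultdict, deque

PIT_CAPACITY = 200            # assumed PIT size in entries
PIT_TTL = 4.0                 # assumed PIT entry lifetime in seconds
DATA_RTT = 1.0                # assumed delay before legitimate Data returns
BASE_RATE = 50.0              # assumed per-prefix admission rate once throttled (Interests/s)
MIN_RATE = 1.0                # assumed floor for a throttled prefix (Interests/s)
TIMEOUT_RATIO_THRESHOLD = 0.5 # a prefix is treated as malicious above this timeout share
MIN_SAMPLES = 20              # completed PIT entries needed before judging a prefix


def prefix_of(name):
    """First name component, e.g. '/video/clip7/seg3' -> 'video' (assumed granularity)."""
    return name.split("/")[1]


class Router:
    def __init__(self, limit_enabled=True, capacity=PIT_CAPACITY):
        self.limit_enabled = limit_enabled
        self.capacity = capacity
        self.pit = {}                               # name -> expiry time
        self.stats = defaultdict(lambda: [0, 0])    # prefix -> [timeouts, satisfied]
        self.rate = {}                              # prefix -> admission rate; absent = unlimited
        self.tokens = defaultdict(float)            # token bucket per throttled prefix
        self.last = {}                              # last bucket refill time per throttled prefix
        self.counts = defaultdict(int)              # outcome counters

    def _expire(self, now):
        """Drop timed-out entries; each timeout is charged to its name prefix."""
        for name, expiry in list(self.pit.items()):
            if expiry <= now:
                del self.pit[name]
                self.stats[prefix_of(name)][0] += 1
        if self.limit_enabled:
            self._adjust_rates(now)

    def _adjust_rates(self, now):
        """Throttle prefixes whose timeout share is high, in proportion to that share."""
        for prefix, (timeouts, satisfied) in self.stats.items():
            total = timeouts + satisfied
            if total < MIN_SAMPLES:
                continue
            ratio = timeouts / total
            if ratio > TIMEOUT_RATIO_THRESHOLD:
                if prefix not in self.rate:
                    self.last[prefix] = now          # bucket starts empty when first throttled
                self.rate[prefix] = max(MIN_RATE, BASE_RATE * (1.0 - ratio))
            else:
                self.rate.pop(prefix, None)          # prefix recovered: lift the limit

    def _admit(self, prefix, now):
        """Token-bucket admission for throttled prefixes; others always pass."""
        rate = self.rate.get(prefix)
        if rate is None:
            return True
        self.tokens[prefix] = min(rate, self.tokens[prefix] + (now - self.last[prefix]) * rate)
        self.last[prefix] = now
        if self.tokens[prefix] >= 1.0:
            self.tokens[prefix] -= 1.0
            return True
        return False

    def on_interest(self, name, now):
        self._expire(now)
        if name in self.pit:
            outcome = "aggregated"                   # same name already pending: PIT aggregation
        elif not self._admit(prefix_of(name), now):
            outcome = "throttled"
        elif len(self.pit) >= self.capacity:
            outcome = "pit_full"                     # the damage IFA-F aims for
        else:
            self.pit[name] = now + PIT_TTL
            outcome = "forwarded"
        self.counts[outcome] += 1
        return outcome

    def on_data(self, name):
        """Returning Data satisfies the PIT entry and is credited to the prefix."""
        if self.pit.pop(name, None) is None:
            return False
        self.stats[prefix_of(name)][1] += 1
        return True


def simulate(attack=True, limit_enabled=True, duration=20.0, step=0.002, seed=1):
    """Constructed traffic: a client under /video at ~20 Interests/s (always answered
    after DATA_RTT) and, if attack, a flooder under /fake at ~200 unique Interests/s
    that are never answered. Returns the legitimate retrieval success ratio and counters."""
    rng = random.Random(seed)
    router = Router(limit_enabled)
    pending_data = deque()                           # (arrival time, name) for answered Interests
    legit_sent = legit_ok = 0
    for i in range(int(duration / step)):
        now = i * step
        while pending_data and pending_data[0][0] <= now:
            router.on_data(pending_data.popleft()[1])
        if rng.random() < 20 * step:
            name = f"/video/clip{rng.randrange(1000)}/seg{rng.randrange(100)}"
            legit_sent += 1
            if router.on_interest(name, now) in ("forwarded", "aggregated"):
                legit_ok += 1
                pending_data.append((now + DATA_RTT, name))
        if attack and rng.random() < 200 * step:
            router.on_interest(f"/fake/{rng.getrandbits(48):012x}", now)
    return {"legit_success": legit_ok / legit_sent if legit_sent else 0.0,
            "throttled_prefixes": sorted(router.rate), **router.counts}


if __name__ == "__main__":
    for attack, limit in ((False, True), (True, False), (True, True)):
        print(f"attack={attack} limit={limit}:", simulate(attack, limit))
```

Running the three scenarios shows the effect the dissertation describes: without the limiter the flooder fills the PIT within about a second and most legitimate Interests are then rejected as `pit_full`; with the limiter the first batch of fake entries times out after `PIT_TTL`, the `/fake` prefix is throttled to `MIN_RATE`, and legitimate retrieval recovers. The detection lag equals the PIT lifetime, which is why the dissertation also finds that a shorter entry lifetime lowers the rejection probability under attack.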
【Degree-granting institution】: Beijing Jiaotong University
【Degree level】: Doctorate
【Year conferred】: 2014
【CLC number】: TP393.08
Article ID: 1691167. Source: https://www.wllwen.com/guanlilunwen/ydhl/1691167.html