Advancing NDN security: Efficient identification of cache pollution attacks through rank comparison
Abstract
Named Data Networking (NDN) is recognized as one of the most promising future Internet architectures, employing semantic classification to identify devices, thereby enhancing network usability, scalability, and resilience compared to traditional configurations. However, as an emergent technology, NDN necessitates further development, particularly in areas like enhancing signature privacy and data security. This paper primarily addresses the detection and mitigation of cache pollution attacks, a significant issue in the existing NDN mechanisms. Our proposed method involves generating real-time genuine and counterfeit corrupted ranked lists of requested packets. By comparing these lists, abnormal fluctuations in packet numbers and request rates, which are indicators of potential attacks, can be detected. A distinctive feature of our system is its ability to differentiate between normal attacks and certain emergency events and to restrain only the former, which addresses the challenge left unresolved by the Cache protection method based on Prefix Hierarchy for content-oriented network (CPMH) model, a state-of-the-art and widely used mechanism for protecting against cache pollution attacks in NDN. Simulation results confirm that the proposed mechanism effectively distinguishes between legitimate popular contents and malicious contents and increases the cache hit ratio by a minimum of 10% during attack situations compared to the CPMH.
