Poseidon: Mitigating Interest Flooding DDoS Attacks in Named Data Networking

TL;DR

This paper introduces Poseidon, a framework designed to detect and mitigate interest flooding DDoS attacks in Named Data Networking, demonstrating its effectiveness through extensive simulation results.

Contribution

The paper presents Poseidon, a novel framework for defending NDN against interest flooding DDoS attacks, addressing a critical security challenge in Content-Centric Networking.

Findings

Poseidon effectively detects interest flooding attacks in simulations.

Interest flooding can significantly degrade NDN performance with limited resources.

Poseidon mitigates attack impact, maintaining network performance.

Abstract

Content-Centric Networking (CCN) is an emerging networking paradigm being considered as a possible replacement for the current IP-based host-centric Internet infrastructure. In CCN, named content becomes a first-class entity. CCN focuses on content distribution, which dominates current Internet traffic and is arguably not well served by IP. Named-Data Networking (NDN) is an example of CCN. NDN is also an active research project under the NSF Future Internet Architectures (FIA) program. FIA emphasizes security and privacy from the outset and by design. To be a viable Internet architecture, NDN must be resilient against current and emerging threats. This paper focuses on distributed denial-of-service (DDoS) attacks; in particular we address interest flooding, an attack that exploits key architectural features of NDN. We show that an adversary with limited resources can implement such attack, having a significant impact on network performance. We then introduce Poseidon: a framework for detecting and mitigating interest flooding attacks. Finally, we report on results of extensive simulations assessing proposed countermeasure.