ISSN 1000-1239 CN 11-1777/TP

Journal of Computer Research and Development ›› 2021, Vol. 58 ›› Issue (3): 569-582. doi: 10.7544/issn1000-1239.2021.20200448

• Information Security •

A Method for Joint Detection of Attacks in Named Data Networking

Wu Zhijun, Zhang Rudan, Yue Meng

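  1. (College of Electronic Information and Automation, Civil Aviation University of China, Tianjin 300300) (zjwu@cauc.edu.cn)
  • Published: 2021-03-01
  • Supported by: 
    Joint Fund of the National Natural Science Foundation of China and the Civil Aviation Administration of China (U1933108); Scientific Research Program of the Tianjin Municipal Education Commission (2019KJ117); Fundamental Research Funds for the Central Universities (3122020076, 3122019051)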

A Method for Joint Detection of Attacks in Named Data Networking

Wu Zhijun, Zhang Rudan, Yue Meng   

  1. (College of Electronic Information and Automation, Civil Aviation University of China, Tianjin 300300)
  • Online: 2021-03-01
  • Supported by: 
    This work was supported by the Joint Funds of the National Natural Science Foundation of China and Civil Aviation Administration of China (U1933108), the Scientific Research Project of Tianjin Municipal Education Commission (2019KJ117), and the Fundamental Research Funds for the Central Universities (3122020076, 3122019051).

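Abstract: Interest flooding attacks (IFA) and conspiracy interest flooding attacks (CIFA) are typical security threats facing named data networking (NDN). To address the problems that existing detection methods rely on a single detection feature and therefore cannot effectively distinguish attack types, and that their detection rate is not high enough, a method is proposed that jointly detects attacks in NDN based on an association rule algorithm and a decision tree algorithm. First, data information is extracted from the content cache (CS) of NDN routing nodes to mine a new detection feature in the CS, the “cache growth rate”; experiments show that the “CS packet growth rate” is a useful basis for telling whether an attack is IFA or CIFA. Second, the association rule algorithm is used to combine the new detection feature with multiple detection features in the pending interest table (PIT), finding the correlations among the features and using them as the input to the decision tree. Finally, the decision tree algorithm is used to detect attacks. The method uses the decision tree algorithm and the association rule algorithm jointly to detect attacks in NDN, which not only avoids the misjudgments caused by detecting attacks with a single feature but also enriches the classification attributes of the decision tree. Analysis of the simulation results shows that the detection method can accurately distinguish and detect IFA and CIFA and improves the detection rate.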

Key words: named data networking, interest flooding attack, conspiracy interest flooding attack, association rules, decision tree

Abstract: The interest flooding attack (IFA) and conspiracy interest flooding attack (CIFA) are typical security threats faced by named data networking (NDN). To address the problems that existing detection methods cannot effectively identify attack types because they rely on a single detection feature, and that their detection rate is not high enough, this paper proposes a method based on an association rule algorithm and a decision tree algorithm to detect attacks in NDN. First, by extracting the data information in the content cache (CS) of an NDN routing node, the new detection feature “CS packet growth rate” in the CS is mined. The experiments find that “cache growth rate” is a favorable basis for distinguishing attack types. Second, the association rule algorithm is used to combine the new detection feature with multiple detection features in the pending interest table (PIT) to find the correlations among the features. After preprocessing, the outputs of multiple association rules are fed into the decision tree as a training set. Finally, the detection model generated by the decision tree algorithm is used to detect the attack. This method uses the decision tree algorithm and the association rule algorithm to jointly detect attacks in NDN, which not only avoids the misjudgment caused by single detection features but also enriches the classification attributes of the decision tree. The simulation results show that this method can accurately distinguish and detect IFA and CIFA and improves the detection rate.

Key words: named data networking (NDN), interest flooding attack (IFA), conspiracy interest flooding attack (CIFA), association rules, decision tree
