高级检索

    一种联合检测命名数据网络中攻击的方法

    A Method for Joint Detection of Attacks in Named Data Networking

    • 摘要: 兴趣泛洪攻击(interest flooding attack, IFA)和合谋兴趣泛洪攻击(conspiracy interest flooding attack, CIFA)是命名数据网络(named data networking, NDN)面临的典型的安全威胁.针对现有检测方法的检测特征单一因此不能有效地辨别攻击种类以及检测率不够高等问题, 提出一种基于关联规则算法和决策树算法联合检测NDN中攻击的方法.首先, 通过提取NDN路由节点的内容缓存(content cache, CS)中的数据信息挖掘CS中新的检测特征“缓存增长率”, 实验发现“CS数据包增长率”是辨别IFA还是CIFA的有利依据.其次, 使用关联规则算法将新的检测特征与待定兴趣表(pending interest table, PIT)中多个检测特征联合, 寻找各个特征之间的关联性并将其作为决策树的输入.最后, 使用决策树算法检测攻击.该方法使用决策树算法和关联规则算法联合检测NDN中的攻击, 不仅避免了单一特征检测攻击造成的误判并且丰富了决策树的分类属性.分析仿真结果表明该检测方法可以精确地区分并检测IFA和CIFA并且提高了检测率.

       

      Abstract: The interest flooding attack (IFA) and conspiracy interest flooding attack (CIFA) are typical security threats faced by the named data networking (NDN). Aiming at the problem that existing detection methods cannot effectively identify the attack types due to single detection features and the detection rate is not high enough, this paper proposes a method based on association rule algorithm and decision tree algorithm to detect attacks in NDN. First of all, by extracting the data information in the content cache (CS) of NDN routing node, the new detection feature “CS packet growth rate” in CS is mined. It is found in the experiment that “cache growth rate” is a favorable basis for distinguishing attack types. Secondly, association rule algorithm is used to combine the new detection feature with multiple detection features in pending interest table (PIT) to find the correlation between each feature. After preprocessing the output results of multiple association rules, they are used as input into the decision tree as a training set. Finally, the detection model generated by the decision tree algorithm is used to detect the attack. This method uses decision tree algorithm and association rule algorithm to jointly detect attacks in NDN, which not only avoids misjudgment caused by single detection features, but also enriches the classification attributes of decision trees. The simulation results show that this method can accurately distinguish and detect IFA and CIFA and improve the detection rate.

       

    /

    返回文章
    返回