Calculating distributed denial of service attack probability in bloom-filter based information-centric networks

• Autorzy: Vassilakis V. G. , Wang L. , Moscholios I. D. , Logothetis M. D.

Identyfikatory

DOI

10.1515/ipc-2016-0001

• Języki publikacji: EN

Abstrakty

EN

Information-Centric Networking (ICN) is an emerging networking technology that has been designed to directly operate on named content/information objects, rather than relying on the knowledge of the content location. According to the ICN principles, a user requests the information object by its name or some other form of object identifier. After that, the ICN system is responsible for finding the particular object and send In git back to theuser. Despite a large number of works on ICN in recent years, ICN systems still face security challenges. This is especially true when considering different types of alternative networks, such as the wireless community networks (WCNs). In this work, we explore the applicability of ICN principles in the challenging and unpredictable environments of WCNs. We consider stateless contentdisseminationusingBloomfilters(BFs) and analyze two BF based approaches: the traditional single-stage BF and its generalization, the multi-stageBF. We fokus on the security aspects of BF based approaches and in particular on distributed denial of service (DDoS) attacks. Finally, we investigate the attaca probabilisty for various system and net work parameters, such as the number of hash functions, the BFmaximum fill factor, and the number of hops toward the victim node.

Słowa kluczowe

EN

information-centric network; distributed denial of service; Bloom Filter

• Wydawca: Instytut Telekomunikacji i Informatyki Uniwersytetu Technologiczno-Przyrodniczego w Bydgoszczy
• Czasopismo: Image Processing & Communications
• Rocznik: 2016
• Tom: Vol. 21, no. 1
• Strony: 7--22
• Opis fizyczny: Bibliogr. 66 poz., rys., tab.

Twórcy

autor

Vassilakis V. G.

• Department of Computer Science, University of York, York YO10 5GH, United Kingdom

autor

Wang L.

• Computer Laboratory, University of Cambridge, Cambridge CB3 0FD, United Kingdom

autor

Moscholios I. D.

• Dept. of Informatics & Telecommunications, University of Peloponnese, Tripolis 210 00, Greece

autor

Logothetis M. D.

• Dept. of Electrical & Computer Engineering, University of Patras, Patras 265 04, Greece

Bibliografia

• [1] Ahlgren, B., Dannewitz, C., Imbrenda, C., Kutscher, D., and Ohlman, B. (2012, July). A survey of information-centric networking. IEEE Communications Magazine 50(7), 26-36.
• [2] Alzahrani, B. A., Reed, M. J., and Vassilakis, V. G. (2012, September). Enabling z-Filter updates for self-routingdenial-of-service resistant capabilities. In Proceedings of the 4th Computer Science and Electronic Engineering Conference (CEEC), Colchester, U.K., 100-105.
• [3] Alzahrani, B.A., Vassilakis, V.G., and Reed, M.J. (2013, May). Mitigating brute-force attacks on Bloom-filter based forwarding. In Proceedings of the Conference on Future Internet Communications (CFIC), Coimbra, Portugal.
• [4] Alzahrani, B.A., Vassilakis, V.G., and Reed, M.J. (2014, July). Selecting Bloom-filter header lengths for secure information centric networking. In Proceedings of the 9th IEEE/IET International Symposium on Communication Systems, Networks & Digital Signal Processing (CSNDSP), Manchester, U.K., 628-633.
• [5] Alzahrani, B.A., Reed, M.J., and Vassilakis, V.G. (2015, May). Resistance against brute-force attacks on stateless forwarding in information centric networking. In Proceedings of the 11thACM/IEEE Symposium on Architectures for Networking and Communications Systems (ANCS), Oakland, California, USA, 193-194.
• [6] Alzahrani, B.A., Reed, M.J., Riihijärvi, J., and Vassilakis, V.G. (2015, April). Scalability of information centric networking using mediated topology management .Journal of Network and Computer Applications 50, 126-133.
• [7] Alzahrani, B.A., Vassilakis, V.G., Alreshoodi, M., Alarfaj, F., and Alhindi, A. (2016). Proactive detection of DDoS attacks in Publish-Subscribe networks. International Journal of Network Security & Its Applications (IJNSA) 8(4), 1-15.
• [8] Antikainen, M., Aura, T., and Särelä, M. (2014). Denial-of-service attacks in bloom-filter-based forwarding. IEEE/ACM Transactions on Networking 22(5), 1463-1476.
• [9] Augé, J., Carofiglio, G., Grassi, G., Muscariello, L., Pau, G., and Zeng, X. (2015, Sept./Oct.). Anchorless producer mobility in ICN. In Proceedings of the 2nd ACM International Conference on InformationCentricNetworking(ICN),SanFrancisco,USA,189190.
• [10] Broder, A. and Mitzenmacher, M. (2004). Network applications of bloom filters: A survey. Internet Mathematics 1(4), 485-509.
• [11] Carl, G., Kesidis, G., Brooks, R. R., and Rai, S. (2006). Denial-of-service attack-detection techniques. IEEE Internet Computing 10(1), 82-89.
• [12] Carofiglio, G., Gallo, M., Muscariello, L., and Perino, D. (2015, September). Pending interest table sizing in named data networking. In Proceedings of the 2nd ACM International Conference on Information-Centric Networking, San Francisco, USA, 49-58.
• [13] Carrea, L., Vernitski, A., and Reed, M.J. (2014, January). Optimized hash for network path encoding with minimized false positives. Computer Networks 58, 180-191.
• [14] Chai, W.K., Katsaros, K.V., Strobbe, M., Romano, P., Ge, C., Develder, C., Pavlou, G., and Wang, N. (2015, Sept./Oct.). Enabling smart grid applications with ICN. In Proceedings of the 2nd ACM International Conference on Information-Centric Networking (ICN), San Francisco, USA, 207-208.
• [15] The CCNx (Content-Centric Networking) Project, http://www.ccnx.org [December 2016].
• [16] D’Oro,S.,Galluccio,L., Morabito, G.,and Palazzo, S. (2014). SatCache: A profile-aware caching strategy for information-centric satellite networks. Transactions on Emerging Telecommunications Technologies 25(4), 436-444.
• [17] Dai, H., Lu, J., Wang, Y., and Liu B. (2015, April/May). BFAST: Unified and scalable index for NDN forwarding architecture. In Proceedings of the 34th IEEE International Conference on Computer Communications (INFOCOM), Hong Kong, 2290-2298.
• [18] Dannewitz,C.,Kutscher,D.,Ohlman,B.,Farrell,S., Ahlgren, B., and Karl, H. (2013). Network of Information (NetInf) - An information-centric networking architecture. Computer Communications 36(7), 721735.
• [19] Esteve, C., Verdi, F. L., and Magalhaes, M. F. (2008, December). Towards a new generation of information-oriented internetworking architectures. In Proceedings of the 2008 ACM CoNEXT Conference, Madrid, Spain.
• [20] Fotiou, N., Nikander, P., Trossen, D., and Polyzos, G.C. (2010, October). Developing information networking further: From PSIRP to PURSUIT. In Proceedings of the 7th InternationalI CST Conference on Broadband Communications, Networks, and Systems (BROADNETS), Athens, Greece, 1-13.
• [21] Fotiou,N.,andPolyzos,G.C.(2014,Sept.).ICNprivacy and name based security. In Proceedings of the 1st ACM International Conference on InformationCentric Networking (ICN), Paris, France, 5-6.
• [22] Fotiou, N., and Polyzos, G. C. (2016, September). Securing Content Sharing over ICN. In Proceedings of the 3rd ACM Conference on Information-Centric Networking, Kyoto, Japan, 176-185.
• [23] Frangoudis, P. A., Polyzos, G. C., and Kemerlis, V. P.(2011).Wireless community networks: Analternative approach for nomadic broad band networkaccess. IEEE Communications Magazine 49(5), 206-213.
• [24] Garcia-Reinoso, J., Fernández, N., Vidal, I., and Fisteus, J. (2015, January). Scalable data replication in content-centric networking based on alias names. Journal of Network and Computer Applications 47, 85-98.
• [25] Guifi.Net Community Network, www.guifi.net [December 2016].
• [26] Handley,M.(2006,July).Why the Internet Orly just works. BT Technology Journal 24(3), 119-129.
• [27] Hoefling, M., Heimgaertner, F., Menth, M., Katsaros, K. V., Romano, P., Zanni, L., and Kamel, G. (2015, March). Enabling resilient smart grid Communications over the information-centricC-DAXmiddleware. In Proceedings of the IEEE International Conference and Workshops on Networked Systems (NetSys), Cottbus, Germany, 1-8.
• [28] Jacobson,V.,Smetters,D.K.,Thornton,J.D.,Plass, M. F., Briggs, N. H., and Braynard, R. L. (2009, December). Networking named content. In Proceedings of the 5th ACM International Conference on Emerging Networking Experiments and Technologies (CONEXT), Rome, Italy, 1-12.
• [29] Jokela, P., Zahemszky, A., Rothenberg, C.E., Arianfar, S., and Nikander, P. (2009, October). LIPSIN: Line speed publish/subscribe internetworking. ACM SIGCOMM Computer Communications Review 39(4), 195-206.
• [30] Kamel, G. Wang, N., Vassilakis, V., Sun, Z., Navaratnam, P., Wang, C., Dong, L., and Tafazolli, R. (2015, August). CAINE: A context-aware information-centric network ecosystem. IEEE Communications Magazine, 53(8), 176-183.
• [31] Katsaros, K.V., Chai, W.K., Wang, N., Pavlou, G., Bontius, H., and Paolone, M. (2014, May/June). Information-centric networking for machine-tomachine data delivery: A case study in smart grid applications. IEEE Network 28(3), 58-64.
• [32] Li, D., and Cuah, M.C. (2013, December). SCOM: A scalable content centric network architecture with mobility support. In Proceedings of the 9th IEEE International Conference on MobileAd-hocand Sensor Networks (MSN), Dalian, Liaoning, China, 25-32.
• [33] Liolis, K. P., Drougas, A., Andrikopoulos, I. A., Arnal, F., Baudoin, C., Ververidis, C. N., and Guta, M. (2012, September). Satellite-Terrestrial Integration Scenarios for Future Information-Centric Networks.InProceedingsofthe30thAIAAInternational Communications Satellite Systems Conference (ICSSC), Ottawa, Canada.
• [34] Martignon, F., Paris, S., Filippini, I., Chen, L., and Capone, A. (2015). Efficient and truthful bandwidth allocation in wireless mesh community networks. IEEE/ACM Transactions on Networking 23(1), 161174.
• [35] Massawe, E.A., Du, S., and Zhu, H. (2013, July). A scalable and privacy-preserving named data networking architecture based on Bloom filters. In Proceedings of the 33rd IEEE International Conference on Distributed Computing Systems (ICDCS), Philadelphia, USA, 22-26.
• [36] Papalini, M., Carzaniga, A., Khazaei, K., and Wolf, A.L. (2014, September). Scalable routing for tag-based information-centric networking. In Proceedings of the 1st ACM International Conference on Information-Centric Networking (ICN), Paris, France, 17-26.
• [37] H2020 POINT (iP Over IcN the betTer IP) Project, https://www.point-h2020.eu [December 2016].
• [38] FP7 PURSUIT (Pursuing a Pub/Sub Internet) Project, http://www.fp7-pursuit.eu [December 2016].
• [39] Quan, W., Xu, C., Vasilakos, A.V., Guan, J., Zhang, H., and Grieco, L.A. (2014, June). TB2F: Treebitmap and Bloom-filter for a scalable and efficient name lookup in content-centric networking. In Proceedings of the IFIP Networking Conference, Trondheim, Norway, 1-9.
• [40] H2020 RIFE (aRchitecture for an Internet For Everybody) Project, https://rife-project.eu [December 2016].
• [41] Rothenberg, C.E., Jokela, P., Nikander, P., Särelä, M., and Ylitalo, Y. (2009). Self-routing denial-of service resistant capabilities using in-packet Bloom filters. In Proceedings of the European Conference on Computer Network Defense (EC2ND), Milan, Italy, 46-51.
• [42] Särelä, M., Rothenberg, C.E., Aura, T., Zahemszky, A., Nikander, P., and Ott, J. (2011, April). ForwardinganomaliesinBloomfilter-basedmulticast.InProceedings of the 30th IEEE International Conference on Computer Communications (INFOCOM), Shanghai, China, 2399-2407.
• [43] Siris, V. A., Ververidis, C. N., Polyzos, G. C., and Liolis, K. P. (2012, October). Information-Centric Networking (ICN) architectures for integration of satellites into the Future Internet. In Proceedings IEEE First AESS European Conference on Satellite Telecommunications (ESTEL), Rome, Italy, 1-6.
• [44] Sourlas, V., Flegkas, P., Georgatsos, P., and Tassiulas, L. (2014, December). Cache-aware traffic engineering in information-centric networks. In Proceedings of the 19th IEEE International Workshop on Computer Aided Modeling and Design of Communication Links and Networks (CAMAD), Athens, Greece, 295-299.
• [45] Sourlas, V., Psaras, I., Saino, L., and Pavlou, G. (2016, July). Efficient hash-routing and domain clustering techniques for information-centric networks. Computer Networks 103, 67-83.
• [46] Sun, Y., Fayaz, S.K., Guo, Y., Sekar, V., Jin, Y., Kaafar,M.A.,andUhlig,S.(2014,December).Tracedriven analysis of ICN caching algorithms on videoon-demand workloads. In Proceedings of the 10th ACM International on Conference on Emerging Networking Experiments and Technologies (CoNEXT), Sydney, Australia, 363-376.
• [47] Tapolcai, J., Gulyás, A., Heszbergery, Z., Biro, J., Babarczi, P., and Trossen, D. (2012, December). Stateless multi-stage dissemination of information: Source routing revisited. In Proceedings of the IEEE Global Communications Conference (GLOBECOM), Anaheim, California, USA, 2797-2802.
• [48] Tapolcai, J., Bíró, J., Babarczi, P., Gulyás, A., Heszberger, Z., and Trossen, D. (2015, December). Optimal false-positive-free Bloom filter design for scalable multicast forwarding. IEEE/ACM Transactions on Networking 23(6), 1832-1845.
• [49] Thomas, Y., Xylomenos, G., Tsilopoulos, C., and Polyzos, G.C. (2015, September). Object-oriented Packet Caching for ICN. In Proceedings of the 2nd ACM International Conference on InformationCentric Networking, 89-98.
• [50] Thomas, Y., Frangoudis, P.A., and Polyzos, G.C. (2015, June). QoS-driven multipath routing for ondemand video streaming in a publish-subscribe Internet. In Proceedings of the IEEE International ConferenceonMultimedia&ExpoWorkshops(ICMEW), 1-6.
• [51] Tortelli, M.L., Grieco, A., and Boggia, G. (2012, September).CCNforwardingenginebasedonBloom filters. In Proceedings of the 7th ACM International Conference on Future Internet Technologies, Seoul, Republic of Korea, 13-14.
• [52] Tsilopoulos, C., Xylomenos, G., and Thomas, Y. (2014, April/May). Reducing forwarding state in content-centricnetworkswithsemi-statelessforwarding. In Proceedings of the 33th IEEE International Conference on Computer Communications (INFOCOM), Toronto, Canada, 2067-2075.
• [53] Tyson, G., Sastry, N., Rimac, I., Cuevas, R., and Mauthe, A. (2012, June). A survey of mobility in information-centric networks: Challenges and research directions. In Proceedings of the 1st ACM workshop on Emerging Name-Oriented Mobile Net working Design-Architecture, Algorithms, and Applications, 1-6.
• [54] H2020 UMobile (Universal, Mobile-centric and opportunistic communication architecture) Project, http://www.umobile-project.eu [December 2016].
• [55] Vasilakos, X., Siris, V.A., Polyzos, G.C., and Pomonis, M. (2012, August). Proactive selective neighbor caching for enhancing mobility support in information-centric networks. In Proceedings of the 2nd ACM Workshop on Information-Centric Networking (ICN), Helsinki, Finland.
• [56] Vassilakis, V.G., Al-Naday, M.F., Reed, M.J., Alzahrani, B.A., Yang, K., Moscholios, I.D., and Logothetis, M.D. (2014, July). A cache-aware routing scheme for information-centricnetworks. InProceedingsofthe9thIEEE/IETInternational Symposiumon Communication Systems, Networks & Digital Signal Processing (CSNDSP), Manchester, U.K., 721-726.
• [57] Vassilakis, V.G., Alohali, B.A., Moscholios, I.D., and Logothetis, M.D. (2015, June). Mitigating distributed denial-of-service attacks in named data networking. In Proceedings of the 11th Advanced International Conference on Telecommunications (AICT), Brussels, Belgium, 18-23.
• [58] Vassilakis, V.G., Carrea, L., Moscholios, I.D., and Logothetis, M.D. (2016, July). Mediator-assisted multi-source routing ininformation-centric networks. In Proceedings of the 10th IEEE/IET International Symposium on Communication Systems, Networks & Digital Signal Processing (CSNDSP), Prague, Czech Republic.
• [59] Vassilakis, V.G., Wang, L., Carrea, L., Moscholios, I.D., and Logothetis, M.D. (2016). Scalable Bloomfilter based content dissemination in community networks using information centric principles. In Proceedings of the IEICE Information and Communication Technology Forum (ICTF), Patras, Greece.
• [60] Vural, S., Wang, N., Navaratnam, P., and Tafazolli, R.(2016).Caching Transient Data In Internet Content Routers. IEEE/ACM Transactions on Networking (in press).
• [61] Xylomenos, G., Ververidis, C.N., Siris, V.A., Fotiou, N., Tsilopoulos, C., Vasilakos, X., Katsaros, K.V., and Polyzos, G.C. (2014, May). A survey of information-centric networking research. IEEE Communications Surveys & Tutorials 16(2), 1024-1049.
• [62] Yang, W., Trossen, D., and Tapolcai, J. (2013, June). Scalable forwarding for information-centric networks. In Proceedings of the IEEE International Conference on Communications (ICC), Budapest, Hungary, 3639-3644.
• [63] Yi, C., Afanasyev, A., Moiseenko, I., Wang, L., Zhang, B., and Zhang, L. (2013, April). A case for state ful forwarding plane. Computer Communications 36(7), 779-791.
• [64] Yuan, H., Song, T., and Crowley, P. (2012, July/August). Scalable NDN forwarding: Concepts, issues and principles. In Proceedings of the 21st International Conference on Computer Communications and Networks, Munich, Germany.
• [65] Zhang, L., Afanasyev, A., Burke, J., Jacobson, V., Crowley, P., Papadopoulos, C., Wang, L., Zhang, B. (2014, July). Named data networking. ACM SIGCOMM Computer Communications Review 44(3), 66-73.
• [66] Zhang,X.,Wang,N.,Vassilakis,V.G.,and Howarth, M.P. (2015, November). A distributed in-network caching scheme for P2P-like content chunk delivery. Computer Networks 91, 577-592.

Uwagi

PL

Opracowanie ze środków MNiSW w ramach umowy 812/P-DUN/2016 na działalność upowszechniającą naukę.