| 内容中心网络中基于熵率的攻击防御方法 |
| |
| 引用本文: | 韦世红,朱红梅,陈翔,李朋明.内容中心网络中基于熵率的攻击防御方法[J].重庆邮电大学学报(自然科学版),2020,32(1):129-137. |
| |
| 作者姓名: | 韦世红 朱红梅 陈翔 李朋明 |
| |
| 作者单位: | 重庆邮电大学 通信与信息工程学院,重庆 400065; 重庆邮电大学 移动通信技术重庆市重点实验室,重庆 400065,重庆邮电大学 通信与信息工程学院,重庆 400065; 重庆邮电大学 移动通信技术重庆市重点实验室,重庆 400065,重庆邮电大学 通信与信息工程学院,重庆 400065; 重庆邮电大学 移动通信技术重庆市重点实验室,重庆 400065,重庆邮电大学 通信与信息工程学院,重庆 400065; 重庆邮电大学 移动通信技术重庆市重点实验室,重庆 400065 |
| |
| 基金项目: | 长江学者和创新团队发展计划(IRT_16R72) |
| |
| 摘 要: | 兴趣包泛洪攻击通过耗尽路由器中待定兴趣表的资源从而对内容中心网络(content centric networking, CCN)产生严重的影响,目前的攻击防御方法主要是基于待定兴趣表的异常状态统计,但这些方法容易对合法用户产生误判,导致用户体验变差,因此针对内容中心网络中检测和防御兴趣包泛洪攻击的问题,提出基于信息熵和熵率的攻击防御方法。利用CCN中用户请求内容名称的随机性检测兴趣包泛洪攻击,再通过信息熵的差值识别恶意名称前缀,并向相邻节点发送包含恶意名称前缀信息的通知包,从而进行协同防御。仿真结果表明,与传统防御方法相比,在尽早检测出攻击的前提下,该方案能将突发流与攻击流进行区分,并快速抑制恶意兴趣包的转发,有效减少网络攻击造成的影响。
|
| 关 键 词: | 内容中心网络 兴趣包泛洪攻击 信息熵 熵率 前缀识别 |
| 收稿时间: | 2018/7/23 0:00:00 |
| 修稿时间: | 2019/11/1 0:00:00 |
Attack defense mechanism for content-centric networking based on entropy rate |
| |
| WEI Shihong,ZHU Hongmei,CHEN Xiang and LI Pengming.Attack defense mechanism for content-centric networking based on entropy rate[J].Journal of Chongqing University of Posts and Telecommunications,2020,32(1):129-137. |
| |
| Authors: | WEI Shihong ZHU Hongmei CHEN Xiang and LI Pengming |
| |
| Institution: | School of Communication and Information Engineering, Chongqing University of Posts and Telecommunications, Chongqing 400065, P. R. China; Chongqing Key Lab of Mobile Communication Technology, Chongqing University of Posts and Telecommunications, Chongqing 400065, P. R. China,School of Communication and Information Engineering, Chongqing University of Posts and Telecommunications, Chongqing 400065, P. R. China; Chongqing Key Lab of Mobile Communication Technology, Chongqing University of Posts and Telecommunications, Chongqing 400065, P. R. China,School of Communication and Information Engineering, Chongqing University of Posts and Telecommunications, Chongqing 400065, P. R. China; Chongqing Key Lab of Mobile Communication Technology, Chongqing University of Posts and Telecommunications, Chongqing 400065, P. R. China and School of Communication and Information Engineering, Chongqing University of Posts and Telecommunications, Chongqing 400065, P. R. China; Chongqing Key Lab of Mobile Communication Technology, Chongqing University of Posts and Telecommunications, Chongqing 400065, P. R. China |
| |
| Abstract: | Interest flooding attack (IFA) seriously affect Content Centric Networking (CCN) by overwhelming the pending interest table (PIT) of routers, the existing IFA countermeasure methods are mainly based on the PIT abnormal state statistics. However, these methods may cause misjudgment and influence the legitimate users. As for the problem of detecting and defending Interest Flooding Attacks (IFA) in Content Centric Networking (CCN), the defensive method based on entropy and entropy rate is proposed. First of all, we utilize the randomness of user request content name in CCN to detect the IFA, then identify the malicious prefixes through the differences in entropy, and send a notification packet containing the identified name prefixes to adjacent node so as to carry out cooperative defense. The simulation results show that compared with the traditional defense methods, this scheme can distinguish the burst flow from the attack flow on the premise of detecting the attack as early as possible, and quickly suppress the forwarding of malicious interest packets, and effectively reduce the impact of network attacks. |
| |
| Keywords: | content centric networking interest flooding attack entropy entropy rate prefix identification |
|
| 点击此处可从《重庆邮电大学学报(自然科学版)》浏览原始摘要信息 |
| 点击此处可从《重庆邮电大学学报(自然科学版)》下载免费的PDF全文 |
|
