LAUSR

In Named Data Networking (NDN), Collusive Interest Flooding Attacks (CIFA) is a new type of Distributed Denial of Service (DDoS) attacks, which can effectively affect the performance of NDN by sending malicious Interests intermittently. Since the concealment of CIFA is strong, the existing detection methods for Interest Flooding Attacks (IFA) are difficult to find the malicious Interests in the NDN network. However, the subsequent attack strength of CIFA is weaker than that of IFA, resulting in the attack range of CIFA is much smaller than that of IFA in large network topologies. In order to launch the most serious attack with the least cost, the attack model of CIFA has been improved by our previous work, namely Improved Collusive Interest Flooding Attacks (I-CIFA). To better take the countermeasures against I-CIFA, this paper studies the adverse effects of I-CIFA in NDN and proposes a detection mechanism for I-CIFA. Foremost, we extract the corresponding network traffic and analyze the impact of I-CIFA on malicious routing nodes in different locations of the network. Furthermore, the detection mechanism based on BO-GBM fusion algorithm is proposed to detect I-CIFA through classifying the network traffic. Finally, several specific performance metrics are adopted to evaluate the practicability of BO-GBM fusion algorithm in detecting I-CIFA. The results show that BO-GBM fusion algorithm has better detection performance than other existing detection schemes, with the detection rate of 98.69%, false alarm rate of 1.36% and missing alarm rate of 1.43%.