Interest Flooding Attack Mitigation in Vehicular Name Data Networks (VNDN)

Abstract

In connected vehicular ecosystem, multimedia data sharing is rapidly increasing and it has emerged as a crucial aspect of Vehicular Ad-hoc Network (VANET). Traditional TCP/IP network model is found inappropriate to cope with high mobility, network volatility and intermittent connectivity between vehicular nodes. During the last few years, Named Data Network (NDN) has been considered as a promising candidate for efficient and seamless connectivity between vehicular nodes. Vehicular Named Data Network (VNDN) has been used to handle intermittent connectivity between vehicles, mobility, seamless connectivity and scalability problems in host-centric VANET environment. In VNDN, communication takes place on the basis of name instead of host IP address mechanism. Moreover, communication between vehicles follows pull based approach, i.e., data packets are generated on demand to prevent network from overloading. However, there are certain security challenges in a VNDN environment. These challenges are Denial-of-Service (DoS) Attacks, Cache related attacks, timing attacks, Interest Flooding Attack (IFA) etc. This research work focuses on Interest Flooding Attack (IFA) in a VNDN scenario. In IFA, attacker(s) generates malicious Interest packets with non-existent prefix to exhaust network resources and cause Interest packet flooding across the network. This thesis has proposed a novel attack mitigation scheme to counter this problem. The proposed Priority based per-flow Interest rate monitoring scheme determines suspicious flow of malicious incoming Interest packets in attacked vehicles. Moreover, proposed attack mitigation method comprises three different phases, i.e., attack detection, recovery and prevention, to prevent VNDN scenario from shutting down. Detection phase identifies suspicious flow of incoming Interest packets while attack recovery phase back tracks attacker vehicle(s). The proposed research scheme has introduced attack prevention phase to limit scalability of IFA in a VNDN scenario. A priority flag is assigned to incoming flow of Interest packets that detects IFA. The priority of incoming Interest packet flow is calculated on the basis of various parameters, i.e., Average Interest transmission rate, Interest Satisfaction Rate, Interest packet retransmission count, Interest Satisfaction Ratio (ISR), number of hop x traversed, cache hit/miss ratio and Interest packet transmission delay. The aforementioned metrics are considered to avoid false attack detection and rejection of legitimate Interest packets. Repeated Simulations show that proposed IFA mitigation scheme outperforms prior perface Interest rate limiting solutions in terms of improved Interest Satisfaction rate, cache hit ratio and ISR during attack window. Besides this, proposed research model also maintains low rate of Pending Interest Table (PIT) utilization, packet collisions, Interest packets retransmission count, end-to-end delay and ratio of Unsatisfied Interest packets. Furthermore, scalability of proposed research strategy is also evaluated by changing density of attackers at real-time. Moreover in proposed attack mitigation model, rate of incoming legitimate Interest packets increases by reducing drop rate of valid Interest packets.