Calculating Distributed Denial of Service Attack Probability in Bloom-Filter Based Information-Centric Networks

Vassilios Vassilakis, Liang Wang, Ioannis D. Moscholios, Michael D. Logothetis

Abstract


Information-Centric Networking (ICN) is an emerging networking technology designed to operate directly on named content/information objects, rather than relying on knowledge of the content location. According to the ICN principles, a user requests an information object by its name or some other form of object identifier. The ICN system is then responsible for finding the particular object and sending it back to the user. Despite a large number of works on ICN in recent years, ICN systems still face security challenges. This is especially true when considering different types of alternative networks, such as wireless community networks (WCNs). In this work, we explore the applicability of ICN principles in the challenging and unpredictable environments of WCNs. We consider stateless content dissemination using Bloom filters (BFs) and analyze two BF-based approaches: the traditional single-stage BF and its generalization, the multi-stage BF. We focus on the security aspects of BF-based approaches and in particular on distributed denial of service (DDoS) attacks. Finally, we investigate the attack probability for various system and network parameters, such as the number of hash functions, the BF maximum fill factor, and the number of hops toward the victim node.





Copyright (c) 2016 IMAGE PROCESSING & COMMUNICATIONS