LogDoS: a novel logging-based DDoS prevention mechanism in path identifier-based information centric networks

Abstract

Information Centric Networks (ICNs) have emerged in recent years as a new networking paradigm for the next-generation Internet. The primary goal of these networks is to provide effective mechanisms for content distribution and retrieval based on in-network content caching. Several network architectures were proposed in recent years to realize this communication model. This include Named Data Networks (NDN) and Path-Identifier (PID) based ICN. This paper proposes LogDoS as a novel mechanism to address the problem of data flooding attacks in PID-based ICNs. The proposed LogDoS mechanism is a unique hybrid approach that combines the best of NDN networks and PID-based ICNs, and it is the first to employ Bloom-filter based logging approach in a novel way to filter attack traffic efficiently. In this context, we develop and model three versions of LogDoS with varying levels of storage overhead at LogDoS-enabled routers. Extensive simulation experiments show that LogDoS is very effective against DDoS attacks as it can filter more than 99.98% of attack traffic in different attack scenarios while incurring acceptable storage overhead.