A Security Monitoring Plane for Named Data Networking Deployment

Abstract : Named Data Networking (NDN) is the most mature proposal of the Information-Centric Networking (ICN) paradigm, a clean-slate approach for the Future Internet. Although NDN was designed to natively tackle security issues inherent to IP networks, it also introduces new security threats that may prevent its practical deployment by telco operators. Designing and implementing a dedicated security monitoring plane is therefore essential to enable such future deployment. In this article, we present a set of contributions in this area. First, we characterize significant NDN attacks in a real operating context to evaluate their actual impact. Then, by analyzing the data plane pipelines of the NDN Forwarding Daemon (NFD), we present a monitoring plane design that captures the state of NDN nodes by instrumenting 18 metrics with dedicated probes. We then correlate these metrics with a Bayesian network, which allows the detection of potential abnormal behaviors. To validate our approach, we demonstrate the efficiency of our monitoring plane in detecting content poisoning attacks and interest flooding attacks in a testbed carrying real traffic.
Keywords : dissemin
Document type :
Journal articles
Cited literature [15 references]

https://hal.archives-ouvertes.fr/hal-02407673
Contributor : Projet Dissemin
Submitted on : Thursday, December 12, 2019 - 3:54:14 PM
Last modification on : Wednesday, January 15, 2020 - 1:19:55 AM

File

article.pdf
Files produced by the author(s)

Citation

Tan Nguyen, Hoang-Long Mai, Guillaume Doyen, Rémi Cogranne, Wissam Mallouli, et al. A Security Monitoring Plane for Named Data Networking Deployment. IEEE Communications Magazine, Institute of Electrical and Electronics Engineers, 2018, 56 (11), pp.88-94. ⟨10.1109/mcom.2018.1701135⟩. ⟨hal-02407673⟩
