The named data networking flow filter: Towards improved security over information leakage attacks

Named Data Networking (NDN) has the potential to create a more secure future Internet. It is therefore crucial to investigate its vulnerabilities in order to make it safer against information leakage attacks. In NDN, malware inside an enterprise can encode condential information into Interest names and send it to the attacker. One of the countermeasures is to inspect a name in the Interest using a name lter and identify it as legitimate or anomalous. Although the name lter can dramatically decrease the information leakage throughput per Interest, it has a serious disadvantage: it does not consider a ow of Interests. This means that the malware can not only cause information leakage, but even improve the speed of the attack by aggressively producing massive ows of malicious Interests. This paper investigates such NDN ow attacks. Our contribution is twofold. First, we present a scheme that converts an HTTP ow into the corresponding NDN ow, as to date there is no publicly available dataset of the latter. Second, we propose an NDN ow lter based on support vector machines to classify the short-term activity of NDN consumers as legitimate or anomalous. In order to obtain legitimate and anomalous ows, we use a preprocessing anomaly detection step where we mark consumers based on their long-term activity. Our results clearly show that the ow lter improves the performance of the name lter by
two orders of magnitude. Thus, we expect that our approach will drastically reduce the impact of this security attack in NDN.