Journal of Frontiers of Computer Science and Technology, 2021, Vol. 15, Issue (4): 658-669. DOI: 10.3778/j.issn.1673-9418.2004042

• Network and Information Security •

Human Immune Defense Theory Merged ICN Secure Routing Mechanism

SUN Lili, YI Bo, WANG Xingwei, HUANG Min

  1. School of Computer Science and Engineering, Northeastern University, Shenyang 110169, China
  2. School of Information Science and Engineering, Northeastern University, Shenyang 110819, China
  • Online: 2021-04-01 Published: 2021-04-02

Abstract:

Information-centric networking (ICN) introduces an in-network caching mechanism that gives routers a content caching function and changes network addressing from IP addresses to content names, aiming to better serve content distribution applications. However, an interest flooding attack (IFA) exhausts router resources and causes routers to discard large numbers of legitimate interest packets, making it the “bane” of ICN security. Drawing on human immune defense theory, a two-stage ICN secure routing mechanism is proposed to resist interest flooding attacks. Within the immunization time, non-specific immunity is achieved through immune feedback and an isolation strategy, preventing the router's pending interest table (PIT) from being maliciously occupied. Because non-specific immunity cannot mitigate a persistent IFA, specific immunity is then achieved through a backtracking strategy, forming immune memory and completely blocking the interest flooding attack. Experimental results show that the proposed routing mechanism effectively resists interest flooding attacks, reduces the resource exhaustion and invalid computation caused by attacks, and ensures network performance.

Key words: information-centric networking (ICN), human immune defense, non-specific immunity, specific immunity, secure routing