Visible to the public Towards a security monitoring plane for named data networking and its application against content poisoning attack

TitleTowards a security monitoring plane for named data networking and its application against content poisoning attack
Publication TypeConference Paper
Year of Publication2018
AuthorsMai, H. L., Nguyen, T., Doyen, G., Cogranne, R., Mallouli, W., Oca, E. M. de, Festor, O.
Conference NameNOMS 2018 - 2018 IEEE/IFIP Network Operations and Management Symposium
Keywordsanomaly detection, Bayes methods, Bayesian Network, Bayesian network structure, Bayesian Network techniques, clean slate, clean-slate approach, computer network security, Detectors, hypothesis testing, information centric networking paradigm, Information Centric Networks, Internet, IP networks, Measurement, microdetector, Monitoring, named data networking, NDN node, NDN specification, pubcrawl, Resiliency, Scalability, security, security issues, security monitoring approach, security monitoring plane, security of data

Named Data Networking (NDN) is the most mature proposal of the Information Centric Networking paradigm, a clean-slate approach for the Future Internet. Although NDN was designed to tackle security issues inherent to IP networks natively, newly introduced security attacks in its transitional phase threaten NDN's practical deployment. Therefore, a security monitoring plane for NDN is indispensable before any potential deployment of this novel architecture in an operating context by any provider. We propose an approach for the monitoring and anomaly detection in NDN nodes leveraging Bayesian Network techniques. A list of monitored metrics is introduced as a quantitative measure to feature the behavior of an NDN node. By leveraging the hypothesis testing theory, a micro detector is developed to detect whenever the metric significantly changes from its normal behavior. A Bayesian network structure that correlates alarms from micro detectors is designed based on the expert knowledge of the NDN specification and the NFD implementation. The relevance and performance of our security monitoring approach are demonstrated by considering the Content Poisoning Attack (CPA), one of the most critical attacks in NDN, through numerous experiment data collected from a real NDN deployment.

Citation Keymai_towards_2018