The Named Data Networking Flow Filter: Towards Improved Security over Information Leakage Attacks
Computer Networks (IF 4.4), Pub Date: 2020-03-06, DOI: 10.1016/j.comnet.2020.107187
Daishi Kondo, Vassilis Vassiliades, Thomas Silverston, Hideki Tode, Tohru Asami

Named Data Networking (NDN) has the potential to create a more secure future Internet. It is therefore crucial to investigate its vulnerabilities in order to make it safer against information leakage attacks. In NDN, malware inside an enterprise can encode confidential information into Interest names and send it to the attacker. One of the countermeasures is to inspect a name in the Interest using a name filter and identify it as legitimate or anomalous. Although the name filter can dramatically decrease the information leakage throughput per Interest, it has a serious disadvantage: it does not consider a flow of Interests. This means that the malware can not only cause information leakage, but even improve the speed of the attack by aggressively producing massive flows of malicious Interests. This paper investigates such NDN flow attacks. Our contribution is twofold. First, we present a scheme that converts an HTTP flow into the corresponding NDN flow, as to date there is no publicly available dataset of the latter. Second, we propose an NDN flow filter based on support vector machines to classify the short-term activity of NDN consumers as legitimate or anomalous. In order to obtain legitimate and anomalous flows, we use a preprocessing anomaly detection step where we mark consumers based on their long-term activity. Our results clearly show that the flow filter improves the performance of the name filter by two orders of magnitude. Thus, we expect that our approach will drastically reduce the impact of this security attack in NDN.




Updated: 2020-03-07