Named Data Networking (NDN) is a new and attractive paradigm that got a broad interest in recent researches as a potential alternative for the existing IP-based (host-based) Internet architecture. Security is considered explicitly as one of the most critical issues about NDN. Despite that NDN architecture presents higher resilience against most existing attacks, its architecture, nevertheless, can be exploited to start a DDoS attack. In the DDoS attack, the attacker tries to create and transmit a large number of fake Interest packets to increase network congestion and thus dropping legitimate interests by NDN routers. This paper proposes a new technique to detect and mitigate DDoS attacks in NDN that depends on cooperation among NDN routers with the help of a centralized controller. The functionality of these routers depends on their positions inside the autonomous system (AS). The simulation results show that the suggested technique is effective and precise to detect the fake name prefixes and, it offers better performance comparing with the previously proposed ones.

中文翻译：

---

检测和减轻命名数据网络中的 DDoS 攻击

命名数据网络 (NDN) 是一种新的、有吸引力的范式，在最近的研究中引起了广泛的兴趣，作为现有基于 IP（基于主机）互联网架构的潜在替代方案。安全性被明确视为 NDN 最关键的问题之一。尽管 NDN 架构对大多数现有攻击具有更高的弹性，但其架构仍可用于发起 DDoS 攻击。在 DDoS 攻击中，攻击者试图创建和传输大量虚假的兴趣包，以增加网络拥塞，从而丢弃 NDN 路由器的合法兴趣。本文提出了一种新技术来检测和缓解 NDN 中的 DDoS 攻击，该技术依赖于 NDN 路由器之间在集中控制器的帮助下的协作。这些路由器的功能取决于它们在自治系统 (AS) 中的位置。仿真结果表明，所提出的技术可以有效且精确地检测假名称前缀，并且与之前提出的技术相比，它具有更好的性能。